Data packet generator for generating passcodes

ABSTRACT

A data packet generator periodically generates a data packet including a passcode comprising a plurality of characters. The data packet is sent to a server or a computing device for validation. If validated, the data packet is used, for example, to identify the location of a user or device. Additional systems and methods involving such a data packet generator are also disclosed.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a Continuation of U.S. application Ser. No. 16/692,747, filed on Nov. 22, 2019, titled DATA PACKET GENERATOR FOR GENERATING PASSCODE, which is a Continuation of U.S. application Ser. No. 15/932,329, filed on Feb. 16, 2018, titled DATA PACKET GENERATOR FOR GENERATING PASSCODES, which is a Continuation of U.S. application Ser. No. 14/593,506, filed on Jan. 9, 2015, titled DATA PACKET GENERATOR FOR GENERATING PASSCODES, which is a Continuation of U.S. application Ser. No. 13/626,610, filed on Sep. 25, 2012, titled DATA PACKET GENERATOR FOR GENERATING PASSCODES, which is a Continuation of Ser. No. 12/544,798, filed on Aug. 20, 2009, issued as U.S. Pat. No. 8,351,408 on Jan. 8, 2013, titled DATA PACKET GENERATOR FOR GENERATING PASSCODES, which claims priority to U.S. Provisional Application No. 61/138,295 filed on Dec. 17, 2008, entitled PASSCODE GENERATOR AND AUTHENTICATION PROCESS; and to U.S. Provisional Application No. 61/105,202 filed on Oct. 14, 2008, entitled PASSCODE GENERATOR AND AUTHENTICATION PROCESS; and to U.S. Provisional Application No. 61/090,461 filed on Aug. 20, 2008, entitled PASSCODE GENERATOR AND AUTHENTICATION PROCESS, the disclosures of which are hereby incorporated by reference in their entireties. To the extent appropriate, a claim of priority is made to each of the above-disclosed applications.

TECHNICAL FIELD

This application relates to an electronic device that generates a data packet, and more particularly to a data packet generator that generates unique codes periodically and associated systems and methods.

BACKGROUND

The two greatest expenses for most companies are human resources and real estate. Human resources involves the employment of a skilled workforce and includes related expenses such as salaries, retirement contributions, health care contributions, and the like. Real estate involves the buildings and other facilities in which those employees work, and includes expenses such as rent, utilities, and property taxes. In addition to these aspects of a company, information technology is a third aspect that is becoming more critical to most companies. Information technology includes the management of technology resources such as computers, telephones, and other electronic devices. In today's world, information technology is crucial to most businesses.

Traditionally, each of these aspects of a company has been able to work somewhat autonomously. Human resources and real estate needs did not change rapidly, and as needs changed, there was adequate time to consider the options and make decisions. Information technology was traditionally not a crucial part of most business.

Today's business environment is changing. Rapid changes are becoming the norm. Employees are increasingly mobile, with current technology allowing them to perform their work anywhere. The office is becoming a thing of the past as employees are increasingly working from temporary work stations, their homes, their cars, or out in the field. Enormous effort is required for the real estate department or other decision makers to understand the company's needs at any given time. Similarly, as employees move, the information technology department is challenged to allocate and distribute technology resources where they are needed. If the technology is not available when needed, employee productivity and efficiency suffers. Needs change from one day to another; but companies lack adequate tools to help them track, understand, and respond to these ever changing needs.

SUMMARY

In general terms, this disclosure is directed to a data packet generator. In one possible configuration and by non-limiting example, the data packet generator is a semi-transient electronic device that generates a data packet. In some embodiments the data packet includes at least one passcode that changes periodically.

One aspect is a data packet generator comprising: a processing device; memory storing data instructions, which when executed by the processor cause the processor to periodically generate a passcode, the passcode including a plurality of characters; an output device that outputs a data packet including a passcode; and an attachment device configured for semi-permanent attachment to an object.

Another aspect is a method of determining a location, the method comprising: receiving at a computing device a data packet from a data packet generator, the data packet including at least one passcode; determining with the computing device a location associated with the passcode; and identifying with the computing device the location in a computer-aided design drawing.

Yet another aspect is a method of communicating a passcode, the method comprising: generating with a data packet generator a passcode, the data packet generator including a processor device, memory, and a wireless communication device; and communicating using the wireless communication device a service set identifier, the service set identifier including the passcode.

A further aspect is a method of authenticating, the method comprising: receiving with a computing device a passcode generated at a first time by a data packet generator of a plurality of data packet generators; determining with the computing device whether the passcode is a valid passcode; determining with the computing device whether the passcode should have been generated by any of the plurality of data packet generators at the first time; and authenticating with the computing device the passcode if the passcode is a valid passcode and if the passcode should have been generated by any of the plurality of data packet generators at the first time.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic block diagram of an exemplary authentication system 100 according to the present disclosure.

FIG. 2 is a schematic perspective view of an exemplary workstation of the authentication system shown in FIG. 1.

FIG. 3 is a schematic block diagram of an exemplary data packet generator of the authentication system shown in FIG. 1.

FIG. 4 is a schematic perspective view of the data packet generator shown in FIG. 3.

FIG. 5 is a schematic perspective view of another exemplary data packet generator according to the present disclosure.

FIG. 6 is a schematic perspective view of another exemplary data packet generator according to the present disclosure.

FIG. 7 is a schematic flow chart of an exemplary method of operating a data packet generator according to the present disclosure.

FIG. 8 is a schematic flow chart of an exemplary method of operating a data packet generator according to the present disclosure.

FIG. 9 is a functional block diagram of an exemplary computing device of the authentication system shown in FIG. 1.

FIG. 10 is a functional block diagram of an exemplary server of the authentication system shown in FIG. 1.

FIG. 11 is a schematic flow chart of an exemplary method of operating a server of the authentication system shown in FIG. 1.

FIG. 12 is a schematic flow chart of an exemplary method of controlling access to a protected resource according to the present disclosure.

FIG. 13 is a schematic flow chart illustrating an exemplary method of identifying a data packet generator according to the present disclosure.

FIG. 14 is a schematic screen shot of an exemplary user interface according to the present disclosure.

FIG. 15 is a schematic screen shot of another exemplary user interface according to the present disclosure.

FIG. 16 is a schematic screen shot of another exemplary user interface according to the present disclosure.

FIG. 17 is a schematic block diagram of another exemplary authentication system according to the present disclosure.

FIG. 18 is a schematic screen shot of another exemplary user interface according to the present disclosure.

FIG. 19 is a bottom perspective view of another example data packet generator according to the present disclosure.

FIG. 20 is a top perspective view of the data packet generator shown in FIG. 19.

FIG. 21 is a schematic side view of an example tamper sensor according to the present disclosure.

FIG. 22 is a schematic plan and cross-sectional view of the example tamper sensor shown in FIG. 21.

FIG. 23 is a screen shot of an example user interface displaying a space utilization intensity map according to the present disclosure.

FIG. 24 is a schematic block diagram of an example authentication system according to the present disclosure.

FIG. 25 is a state diagram illustrating an example method of operating a data packet generator according to the present disclosure.

FIG. 26 is a state diagram illustrating an example alert mode of the method shown in FIG. 25.

FIG. 27 is a flow chart of an example method of operating a data packet generator in a manual alert mode of the alert mode shown in FIG. 26.

FIG. 28 provides an example of the method shown in FIG. 27.

FIG. 29 is a flow chart of an example method of operating a data packet generator in an automatic alert mode of the alert mode shown in FIG. 26.

FIG. 30 provides an example of the method shown in FIG. 29.

FIG. 31 is a schematic block diagram of an example authentication system according to the present disclosure.

FIG. 32 is a schematic diagram of an example DNA strand for illustrating an embodiment of identification according to the present disclosure.

FIG. 33 is a schematic diagram providing a comparison between a single DNA strand and a numerical code.

FIG. 34 is a schematic diagram illustrating an example facility according to the present disclosure.

FIG. 35 is a schematic block diagram of another example system including a data packet generator.

FIG. 36 is a schematic block diagram of an example data packet generator.

FIG. 37 is a plan view of an example data packet generator.

FIG. 38 is a side view of the example data packet generator shown in FIG. 37.

FIG. 39 is another side view of the example data packet generator shown in FIG. 37.

FIG. 40 is a schematic perspective view of an example system including another example data packet generator.

FIG. 41 is a side view of the example data packet generator shown in FIG. 40.

FIG. 42 is a plan view of the example data packet generator shown in FIG. 41.

FIG. 43 is a perspective view of an example charging station for a data packet generator.

FIG. 44 is a perspective view of the example charging station shown in FIG. 43 including a plurality of data packet generators stacked thereon.

FIG. 45 is a perspective view of another example data packet generator.

FIG. 46 is a front view of another example data packet generator in the form of a hoteling hub.

FIG. 47 is a front view of another example data packet generator in the form of a network receptacle.

FIG. 48 is a front view of another example data packet generator in the form of a power receptacle.

FIG. 49 is another example embodiment of a data packet generator in the form of a clock.

FIG. 50 is a schematic block diagram of a system including a data packet generator.

FIG. 51 is a schematic diagram of an example mesh network of data packet generators.

FIG. 52 is a block diagram of an example data packet.

FIG. 53 is a block diagram of another example data packet.

FIG. 54 is a schematic diagram of an example computing device, such as the computing device shown in FIG. 1.

DETAILED DESCRIPTION

Various embodiments will be described in detail with reference to the drawings, wherein like reference numerals represent like parts and assemblies throughout the several views. Reference to various embodiments does not limit the scope of the claims attached hereto. Additionally, any examples set forth in this specification are not intended to be limiting and merely set forth some of the many possible embodiments for the appended claims.

FIG. 1 is a schematic block diagram of an exemplary authentication system 100 according to the present disclosure. System 100 is an example of a location authentication system. System 100 includes workstation 102, workstation 104, communication network 106, server 108, computing device 120, data packet generator 122, computing device 130, and data packet generator 132. Data packet generators 122 and 132 operate, in some embodiments, to output passcodes 124 and 134, respectively.

Workstations 102 and 104 are physical locations that are known by server 108. Often workstations 102 and 104 are physical locations where people work, such as an office, a cubicle, a conference room, a reception desk, or a security booth. Other embodiments include other physical locations, such as a particular location of a room or building, or a particular physical location in the outdoors, such as the physical location near a tree, park bench, or lake, or a particular location as identified by a global positioning system coordinate, or a latitude and longitude coordinate. In some embodiments, a workstation is any physical location where a data packet generator is located. As just one example, workstations 102 and 104 are sometimes referred to herein as being a physical location within a building, such as an office, desk, room, or cubicle.

Within workstations 102 and 104 are computing devices 120 and 130, respectively. An example of a computing device 120 or 130 is a personal computer. Other examples of computing devices include a handheld computer, a server, a mobile device, a cell phone, a smart phone, a personal digital assistant, or any device having a processing device, memory, and a communication system suitable for data communication across network 106. An example computing device 120 is described in more detail with reference to FIG. 9.

In some embodiments, data packet generators 122 and 132 are devices that generate a data packet, such as passcodes 124 and 134. Data packet generators 122 and 132 are alternatively referred to as code generators in some embodiments, such as when a data packet includes a passcode. Such codes generated by data packet generators 122 and 132 are typically formed of a quantity of characters. The quantity of characters is typically in a range from 1 to 25, and preferably in a range from 5 to 10 characters. For example, in some embodiments the passcode includes 7 characters. In general, a larger quantity of characters results in a larger quantity of unique passcode combinations that are available. On the other hand, long passcodes are sometimes less desirable, such as when a passcode is to be entered manually. In some embodiments a single character of a passcode is provided at a time, with subsequent digits being provided one-by-one (or two-by-two, etc.) until a single data packet generator has been uniquely identified.

The characters from which the passcodes 124 and 134 are composed are typically selected from alphanumeric characters so that they are easily recognizable to a user, although other characters are used in other embodiments. For example, in the English language the alphabet includes 26 letters (A through Z) and 10 numbers (0 through 9). Thus, some embodiments include 36 possible characters made up of the combination of 26 letters and 10 numbers, sometimes referred to as base 36. In some embodiments the letters I, O, and Q and the numbers 0 and 1 are not used because of the similarities in the letters and numbers. This reduces the chance that a user will misidentify a character of the passcode. Thus, some embodiments include 31 possible characters composed of 23 letters and 8 numbers, sometimes referred to as base 31. In yet other embodiments, only numbers are used. Thus, some embodiments include 10 characters, sometimes referred to as base 10. Other embodiments include other alphanumeric characters, such as those of other languages, or other character systems (e.g., Braille).

In some embodiments, data packet generator 122 and 132 output more than one passcode at a given time. For example, some data packet generators display a previous passcode, a current passcode, and a next passcode. Other embodiments generate two or more passcodes at any given time. In some embodiments all passcodes are valid while being output by a data packet generator. This is useful, for example, if multiple passcodes are needed, such as for method 1300 (described below with reference to FIG. 13).

In some embodiments, data packet generators 122 and 132 generate one or more passcodes that are used to communicate a unique identifier for subsequent authentication. The identifier itself takes up no space (because numbers and time require no space in and of themselves). The only space that is consumed is that of the data packet generator, which acts to generate and output the identifier. When the data packet generator is implemented by software (as some embodiments are) the space utilization of the system approaches zero, absent the space consumed by the devices that are implementing the data packet generator and performing processing and communication steps involving the data packet generator and/or passcode.

Communication network 106 is a data communication network that facilitates data communication between computing device 120 or 130 and server 108, and/or between data packet generators 122 or 132 and server 108. An example of network 106 is the Internet. Other examples of network 106 include an intranet, extranet, local-area network (LAN), wireless network (such as conforming to the 802.11 protocols), cellular network, telephone network, and other known data communication networks. In some embodiments two or more communication networks are used.

Server 108 is a computing device that stores data associated with data packet generators 122 and 132, and in some embodiments operates to validate passcodes generated by data packet generators 122 and 132. Server 108 is also configured to communicate with computing devices 120 and 130 across network 106. Although server 108 is illustrated as a single device, in some embodiments server 108 includes multiple servers 108, such as a computer cluster.

Server 108 typically includes a database. In some embodiments, the database contains data relating to data packet generators 122 and 132, such as the location of the data packet generators 122 and 132, as well as passcode information that permits server 108 to determine what passcode will be generated by the respective data packet generator 122 or 132 at a particular time. As discussed herein, the passcode information includes in some embodiments a table of all passcodes for each data packet generator, while in other embodiments the passcode information includes a mathematical formula and seed information necessary to compute the passcodes.

Some embodiments include more than one server 108. For example, one alternative embodiment includes two servers. The first server is a local server operated by a single company or location, and the other server is a remote server that may be overseeing multiple companies or locations. The remote server is configured to recognize passcodes for some or all data packet generators in a particular company or location. In some embodiments, the remote server provides seed information allowing the local server to perform at least some of the functions of the remote server for a period of time. In some of these embodiments, the remote server communicates relevant passcode information to the local server, which then operates to validate passcodes from data packet generators over a period of time. In some embodiments, the remote server provides only a limited number of passcodes to allow the local server to operate for a limited period of time (e.g., 90 days) without renewing with the remote server. After the period of time has elapsed (or shortly before), the local server receives another set of passcodes from the remote server to continue operation. Other embodiments include more than two servers. In further embodiments, multiple servers are used to distribute workload or for redundancy.

One possible example of a local server is a jumpnode server, such as distributed by Jumpnode Systems LLC located in Minneapolis, Minn., US, that allows data to be shared outside of the local area network, such as with a remote server. In this example, the jumpnode server permits communication to the remote server, but can be configured to prohibit communication into the local area network. In some embodiments, the jumpnode server sends communications including data packets or data from data packet generators to a remote server or other computing device.

In some embodiments system 100 operates as a location authentication system to authenticate the location of a user, computing device, or other device. An example authentication process will now be described with reference to FIG. 1. In this example, system 100 operates to determine whether a user is working at workstation 102, or if the user is at workstation 104, or whether the user may not be at either workstation 102 or workstation 104. As an example, assume a user is working at workstation 102 and is using computing device 120.

An example authentication process begins with data packet generator 122 displaying passcode 124 and data packet generator 132 displaying passcode 134. The user at workstation 102 is prompted by computing device 120 to enter a passcode. Since the user is located in workstation 102, passcode 124 is visible to the user on the display of the data packet generator 122. As a result, the user reads passcode 124 and enters passcode 124 into computing device 120.

Computing device 120 receives the passcode, and transmits the passcode across network 106 to server 108. Server 108 receives the passcode. Server 108 then determines whether passcode 124 should have been displayed by any data packet generator 122 or 132, and if so, which data packet generator it was displayed by. In this case, server 108 identifies the passcode as being associated with workstation 102. In this way, the location of the user is authenticated as being at workstation 102.

In another possible embodiment, computing device 120 and/or server 108 operate to monitor a transition of a passcode from a first passcode to a next passcode. Validation occurs only if the transition occurs between two valid passcodes at an expected time. For example, computing device 120 is programmed to monitor the transition to confirm that a valid transition occurs at the expected time. Alternatively, computing device 120 is programmed to monitor a transition and to report the passcode to server 108 within a predetermined period of time, such as within one to five seconds. Other embodiments allow more or less time (e.g., milliseconds or tens of seconds). Such validation can be used to reduce or prevent the chance that a person or device would transfer a code from a data packet generator to a remote location and then falsely report that code as an identification of the present location. Such validation processes that monitor a passcode transition can be referred to as changing-of-the-guards validation processes. Further, some embodiments monitor and validate only if multiple passcode transitions occur at the expected times.
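The following sketch is an added example, not code from the disclosure. It ties together the base 31 character set, the seed-and-formula passcode information held by server 108, the lookup that identifies which data packet generator should have output a passcode, and the changing-of-the-guards transition check. The HMAC-SHA256 formula, the 60-second period, the seeds, the generator ids, the `Server` record layout and the identifier N104 are assumptions; the disclosure does not specify a formula.

```python
import hashlib
import hmac

# Base-31 alphabet from the text: 23 letters (no I, O, Q) and 8 digits (no 0, 1).
ALPHABET = "ABCDEFGHJKLMNPRSTUVWXYZ23456789"
PASSCODE_LEN = 7       # example length given in the text
PERIOD_SECONDS = 60    # assumed; inside the 30 s to 2 min range for manual entry


def passcode_at(seed: bytes, t: float) -> str:
    """Passcode a generator holding `seed` outputs at Unix time `t`.

    Assumed formula: HMAC-SHA256 over the period counter, re-encoded in base 31.
    """
    counter = int(t // PERIOD_SECONDS)
    digest = hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    n = int.from_bytes(digest, "big")
    chars = []
    for _ in range(PASSCODE_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def normalize(entered: str):
    """Upper-case manual input; reject wrong length or characters outside base 31."""
    code = entered.strip().upper()
    if len(code) != PASSCODE_LEN or any(c not in ALPHABET for c in code):
        return None
    return code


class Server:
    """Holds seed and location per generator (hypothetical record layout)."""

    def __init__(self, generators):
        self.generators = generators  # generator id -> (seed, location)

    def identify(self, entered: str, t: float) -> list:
        """Ids of every generator that should have output `entered` at time `t`."""
        code = normalize(entered)
        if code is None:
            return []
        return [gid for gid, (seed, _) in self.generators.items()
                if hmac.compare_digest(passcode_at(seed, t), code)]

    def locate(self, entered: str, t: float):
        """Location if exactly one generator matches; None if none or ambiguous."""
        ids = self.identify(entered, t)
        return self.generators[ids[0]][1] if len(ids) == 1 else None

    def validate_transition(self, before, after, observed_at, tolerance=5.0):
        """Changing-of-the-guards check.

        `before` and `after` are the passcodes seen on either side of a change,
        `observed_at` is when the change was seen. Both codes must belong to the
        same single generator and the change must fall within `tolerance`
        seconds of a period boundary.
        """
        boundary = round(observed_at / PERIOD_SECONDS) * PERIOD_SECONDS
        if abs(observed_at - boundary) > tolerance:
            return None
        same = (set(self.identify(before, boundary - 1))
                & set(self.identify(after, boundary)))
        if len(same) != 1:
            return None
        return self.generators[same.pop()][1]


# Constructed sample data: two generators with made-up seeds and locations.
SEED_122 = b"constructed-seed-122"
SEED_132 = b"constructed-seed-132"
SERVER = Server({
    "generator-122": (SEED_122, "N102"),
    "generator-132": (SEED_132, "N104"),
})
BOUNDARY = 1_700_000_040  # constructed timestamp, a multiple of PERIOD_SECONDS

if __name__ == "__main__":
    code = passcode_at(SEED_122, BOUNDARY + 10)
    print("current passcode:", code)
    print("located at:", SERVER.locate(code, BOUNDARY + 30))
    print("two periods later:", SERVER.locate(code, BOUNDARY + 120))
    old, new = passcode_at(SEED_122, BOUNDARY - 1), passcode_at(SEED_122, BOUNDARY)
    print("transition on time:", SERVER.validate_transition(old, new, BOUNDARY + 2))
    print("transition relayed late:", SERVER.validate_transition(old, new, BOUNDARY + 61))
```

A passcode relayed to another site still passes `locate` until the period ends, which is the gap the transition check narrows: the pair of codes is only accepted close to the boundary at which the generator actually changed.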

In some embodiments, authentication system 100 operates as a location authentication system. The location authentication system 100 operates to authenticate a location of a user or device. For example, in large companies employees are frequently moved between various office spaces. It is sometimes desirable to identify the location of a particular employee, such as to know which workstation the employee is currently working at. To do so, a login screen is presented to the employee on computing device 120 each time that the employee logs into the computer system and/or periodically while the employee continues to access the network. In some embodiments, the login screen requests the username and password (e.g., see user interface 1400, shown in FIG. 14). The login screen also requests that the employee enter the passcode shown on the data packet generator associated with the workstation (e.g., workstation 102). The username and password are typically used to authenticate who the employee is, and the passcode is used to identify where the employee is. Once the location of the employee is known, the location data may be stored for subsequent use. For example, an employee directory is updated to accurately reflect the location of the employee. Some embodiments request one or more of the username, password, and passcode. In some embodiments the username is not required, such as if it was previously saved or is otherwise already known by the computer system or server.

As another exemplary embodiment, authentication system 100 is used in some embodiments to control access to protected resources based upon the location of the user. For example, a problem with wireless networks is that the signal from a wireless router often extends beyond the physical borders of a building. Authentication system 100 is used in some embodiments to require that only those present within the building are granted access to the wireless network or to particular protected resources. This is accomplished, for example, by requiring a user to enter a passcode from a data packet generator as part of a network login process or to retain network access that has previously been granted. The passcode is then evaluated either to identify the data packet generator that generated the passcode or deny the access request. Once the data packet generator becomes known, the location of the corresponding user is identified. If the location of the user is determined to be within the boundaries of the building (or satisfies other criteria, such as on a particular floor, in a particular group—e.g., the accounting department, etc.), the user is permitted to access the wireless network or protected resource. In some embodiments, authentication system 100 requires a user to be at a particular workstation (rather than merely within a group of workstations) in order to access the network or particular protected resources on the network. Some embodiments are used to control access to a wireless network within a home or residence. These examples are provided as just some of the many possible embodiments. Many other embodiments are discussed below.

An example of a wireless access point of a wireless network is shown in FIG. 50, herein.

Examples of protected resources include data stored on a computing device and functions performed by a computing device. In some embodiments, protected resources are local to a data packet generator, local to a computing device, or remote, such as operating on a server. In some embodiments protected resources are provided by an application service provider. Protected resources are sometimes part of a Software as a Service (SaaS) application, or an application commonly referred to as cloud computing. Other examples of protected resources include room or building control systems, such as room electricity, lighting, a room scheduling system, and voice/data access.

FIG. 2 is a schematic perspective view of an exemplary workstation 102 including computing device 120 and data packet generator 122. Workstation 102 also includes walls 202 and desktop 204. Workstation 102 is, for example, a cubicle located within a building. The cubicle is typically arranged in a particular floor of the building, in a particular room or location of the building. In some embodiments, the workstation 102 is identified by a workstation identifier 206 (e.g., N102).

Some embodiments of workstation 102 include walls 202 that define the outer boundary of the workstation. Workstation 102 also typically includes a desktop 204 that provides a solid work surface. In some embodiments desktop 204 is connected to and supported by walls 202. In other embodiments, desktop 204 is a desk that is not connected to walls 202 but is within the outer boundary defined by walls 202. At least part of computing device 120 (e.g., a display) is typically supported by desktop 204.

In this example, data packet generator 122 is attached or associated with workstation 102. The attachment is permanent in some embodiments, while it is somewhat permanent in other embodiments. For example, data packet generator 122 is attached to desktop 204 in some embodiments in a manner that would require disassembly of the desk or that would require specialized tools in order to disassociate the data packet generator from desktop 204. In other embodiments, data packet generator 122 is attached to walls 202. In other embodiments, data packet generator 122 is attached to another part of workstation 102 other than desktop 204 or walls 202 (e.g., another structure within workstation 102). In other embodiments, data packet generator 122 is attached to something near workstation 102 (e.g., a floor, a ceiling, an architectural wall). Some specific examples are shown herein, such as in FIG. 47-48. In yet other embodiments, data packet generator 122 is contained by or integrated with a component of workstation 102 (e.g., a tile or the worksurface).

As shown in FIG. 2, data packet generator 122 is preferably located near to computing device 120, so that a user in workstation 102 that is using computing device 120 can easily identify a passcode generated by data packet generator 122.

In some embodiments, two or more data packet generators are associated with each location. This provides redundancy, for example, if a data packet generator were to malfunction. Alternatively, a second or additional data packet generator may be used if a code generated by a first data packet generator is not unique at that time (such as for use in method 1300 described with reference to FIG. 13). In such an event, the second data packet generator is used to provide a second passcode to uniquely identify the location or data packet generators.

FIG. 3 is a schematic block diagram of an exemplary data packet generator 122. In some embodiments, data packet generator 122 includes housing 302, microprocessor 304, power source 306, output device 308, input device 310, tamper sensor 312, and attachment device 314. Microprocessor 304 includes timer 320 and memory 322.

Housing 302 is a protective enclosure of data packet generator 122. In some embodiments housing 302 is a metal enclosure, but in other embodiments housing 302 is made of other materials such as plastic. Housing 302 is sealed in some embodiments, such as to be water resistant or water proof. Further, some embodiments of housing 302 are designed with seals that are tamper resistant. In some embodiments tamper-evident seals are provided across housing joints. An example of a tamper-evident seal is a label adhered with an adhesive across a housing joint. If the joint is opened, the label will tear. A warning against opening housing 302 is printed on the tamper-evident seal in some embodiments. In this way the label acts to reveal if someone has attempted to open housing 302.

Microprocessor 304 is a processing device that is typically enclosed within housing 302. Examples of a suitable microprocessor include a central processing unit (“CPU”), microcontroller, programmable logic device, field programmable gate array, digital signal processing (“DSP”) device, and other types of microprocessors. Microprocessor 304 may be of any general variety such as reduced instruction set computing (RISC) device, complex instruction set computing device (“CISC”), or specially designed processing device such as an application-specific integrated circuit (“ASIC”) device.

In some embodiments microprocessor 304 includes timer 320 and memory 322. In other embodiments, timer 320 and memory 322 may be separate from, or in addition to microprocessor 304. Timer 320 is used by microprocessor 304 to measure the passage of time. For example, in some embodiments a new passcode is generated by data packet generator 122 periodically. Timer 320 is used to measure the period of time. After the period of time has elapsed, a new passcode is generated and output using output device 308. The period of time is typically in a range from about 1 second to about 5 minutes, and preferably from about 30 seconds to about 2 minutes when manual passcode entry is involved. In some embodiments the period of time is short to provide rapid passcode changes, such as eight passcode changes per second. Rapid passcode changes are more typically used when the output is not dependent on manual entry of the passcode. In other embodiments, the period of time is long to provide infrequent passcode changes, such as in a range from about 24 hours to about three months.

Memory 322 is used by microprocessor 304 to store data. For example, a passcode is stored in memory 322 in some embodiments. In other embodiments, memory 322 stores a formula that is used to generate a passcode. Memory 322 also stores an identifier (such as a serial number) of data packet generator 122 in some embodiments. Software or other program code that defines logical operations of data packet generator 122 may also be stored in memory 322 in some embodiments.

Data packet generator 122 typically includes power source 306 within housing 302. Power source 306 supplies power to the electronic devices of data packet generator 122, such as microprocessor 304, output device 308, input device 310, and in some embodiments tamper sensor 312. An example of power source 306 is a battery. In other embodiments, power source 306 is a power supply circuit that receives power from a source external to housing 302, such as a wall outlet. In other embodiments, power source 306 is a power jack or terminal that is connected to housing 302 and is configured to receive power from an external source, such as from a power adapter. When power source 306 is a battery, it is sometimes helpful to have a secondary power source in place (another battery) so that changing the primary battery does not cause a loss of electric energy to the data packet generator 122. In some embodiments power is received from an Ethernet cable, such as from a Power over Ethernet (PoE) system.

Output device 308 generates one or more outputs. One of the outputs is typically passcode 124 (shown in FIG. 1). Examples of output device 308 include a visual display device, an audible output device, a vibratory or sensory output device, a wireless signal output device (e.g., wireless communication device 3622, shown in FIG. 36), a wired signal output device (e.g., a network interface 3610, shown in FIG. 36), and other output devices. Examples of visual display devices include a light-emitting diode (LED) display, a liquid crystal display (LCD), a cathode ray tube (CRT), a vacuum fluorescent display (VFD), a sheet of electronic paper, and other display devices. In some embodiments, visual display devices include a backlight to assist a user in viewing the visual display device in poorly lit environments. Examples of audible output devices include a speaker, headset, buzzer, alarm, and other output devices. In some embodiments, an audible output device provides an alert to a user. In other embodiments, an audible output device provides information (such as a passcode) sufficient for use by a user that is vision impaired. Examples of vibratory or sensory output devices include a vibrator and a Braille terminal. In some embodiments, output device 308 is or includes a data communication device. The data communication device is used by data packet generator 122 to communicate with another device, such as computing device 120, server 108, another device connected to network 106, or another device. Examples of data communication devices include a network communication device, a wireless communication device (e.g., wireless communication device 3622, shown in FIG. 36), a modem, a cellular communication device, a radio-frequency transmitter, or other communication devices. In some embodiments a radio frequency identification (RFID) tag acts as a communication device (e.g., to communicate the serial number of the data packet generator). In some embodiments, data packet generator 122 includes two or more output devices 308.

In some embodiments, output device 308 is a visual display device, such as an LCD. Data packet generator 122 operates, in some embodiments, to generate a passcode 124 using microprocessor 304. The passcode 124 is then displayed by output device 308. After a period of time, the passcode 124 is typically changed to a new passcode 124. The new passcode 124 is then displayed by output device 308 instead of the previous passcode.

Other output devices 308 are used for other purposes in some embodiments, such as to provide audible feedback when an input device 310 is activated (e.g., generate a sound when a button is pressed), or to provide an alarm if tampering is detected by tamper sensor 312.

Input devices 310 operate to receive one or more inputs. Some embodiments of data packet generator 122 do not include an input device 310 because no input is required. Other embodiments of data packet generator 122 do include one or more input devices 310. Examples of input devices include a button, a switch, a microphone, a mouse, a keyboard, a keypad, a magnetic sensor, a radio-frequency receiver, and other input devices. Some output devices 308 also operate as an input device 310. Examples of devices that act as both input and output devices include a touch screen display and at least some data communication devices such as a USB port.

An example of a use for input device 310 is as a power saving feature. For example, in some embodiments input device 310 is a depressible button arranged on a face of data packet generator 122. When input device 310 is pressed, the current passcode (e.g., 124, shown in FIG. 1) is displayed for a period of time by output device 308. The rest of the time, output device 308 is powered off, or in a lower power state. As a result, considerable energy savings are realized.

Another example of a use for input device 310 is for syncing data packet generator 122 with another device, such as server 108 (shown in FIG. 1). In some embodiments it is desirable to have timer 320 synced with a timer of server 108. To do so, input device 310 may include a data communication device, such as to communicate with server 108 across network 106. One or more messages may be sent between data packet generator 122 and server 108 to ensure that data packet generator 122 and server 108 are in sync. Some embodiments do not require synchronizing between data packet generator 122 and server 108. Other embodiments require only a single syncing operation during manufacturing or initial setup, and do not require further syncing thereafter.

In an alternative embodiment, input device 310 is a data communication port through which it is connected with computing device 120. The data communication port allows computing device 120 to communicate directly with data packet generator 122. If desired, server 108 is also configured to communicate with data packet generator 122 through computing device 120 in some embodiments.

In some embodiments, data packet generators 122 and 132 communicate directly with server 108 across communication network 106 or another communication network. For example, as discussed in more detail herein, some embodiments of data packet generators 122 and 132 are directly connected to the network 106, such as through an Ethernet cable. Other embodiments include a wireless communication system, and are configured to utilize a wireless access point to communicate across network 106.

Some embodiments of data packet generator 122 include a tamper sensor 312. An example of tamper sensor 312 is a motion sensor, such as an accelerometer. If the motion sensor detects motion, data packet generator 122 may be programmed to take appropriate action. For example, data packet generator 122 may sound an alarm. The alarm may be an audible or visible warning that movement has been detected. The alarm may alternatively be a message sent across a communication network (e.g., network 106). For example, a message may be sent to server 108 or elsewhere, such as to a security booth. In other embodiments, data packet generator 122 acts to generate a code or series of codes that indicate to the server 108 that tampering has occurred.

In some embodiments tamper sensor 312 includes a Global Positioning System or other location identifier. In such cases, the tamper sensor 312 can be used as part of a larger system capable of monitoring the location of the data packet generator 122, and to identify movement of the data packet generator.

Data packet generator 122 typically includes attachment device 314 that is configured for connecting housing 302 with another structure. One example of an attachment device 314 is a fastener. Fasteners include screws, nails, adhesive, rivets, bolts and nuts, and a wide variety of other known fasteners. In some embodiments, fasteners are used that are not easily removable. For example, in some embodiments screws include one-way heads that are designed to be easily inserted but resist removal. In other embodiments, screws include less common head configurations (as opposed to the most common slotted and Phillips configurations) or non-standard shapes or sizes. Examples of less common head configurations include Torx and Robertson head configurations. In addition to (or in place of) fasteners, some embodiments of attachment device 314 include brackets, pins, keyed slots or protrusions, or other features to aid in attaching housing 302 with another structure. In some embodiments the housing 302 is itself detachable from the attachment device 314 and interchangeable with other attachment devices 314. For example, it may be desirable for data packet generator 122 to be compatible with various worksurface thicknesses. An appropriately sized attachment device may then be selected from various differently sized attachment devices to find an attachment device that most closely matches the thickness of the worksurface. Similarly, different shaped attachment devices are used in some embodiments.

FIG. 4 is a schematic perspective view of an exemplary data packet generator 122. In this embodiment, data packet generator 122 includes housing 302, output device 308, and attachment device 314. Housing 302 includes face 402. Attachment device 314 includes angle bracket 410 having a rear portion 412, a bottom portion 414, and fastener holes 416.

In this embodiment, output device 308 is a digital display, such as an LCD display. Output device 308 is arranged so that it is visible at the face 402 of housing 302. In some embodiments housing 302 includes a sheet of transparent material, such as glass, across output device 308. In other embodiments output device 308 is connected in front of (or flush with) face 402 of housing 302.

Data packet generator 122 is configured, in some embodiments, to be connected with a structure, such as a desktop as illustrated in FIG. 2. Attachment device 314 is provided for this purpose, which includes angle bracket 410. Angle bracket 410 includes a rear portion 412 that extends downward from housing 302. Rear portion 412 typically extends slightly further than the thickness of desktop 204. Bottom portion 414 is connected to rear portion 412 at a joint or bend. Bottom portion 414 is configured to be placed against a bottom surface of a desktop, and includes fastener holes 416 in some embodiments.

To connect data packet generator 122 to a desktop 204, angle bracket 410 is arranged so that bottom portion 414 is against and generally parallel with a bottom surface of the desktop 204. In addition, rear portion 412 is arranged so that it is behind a rear side of the desktop 204. When in this position, data packet generator 122 is arranged above a top surface of the desktop 204, such as shown in FIG. 2. A fastener (not shown in FIG. 4) is then used to securely connect data packet generator 122 to the bottom surface of the desktop 204.

The arrangement and configuration of attachment device 314 is only one of many possible embodiments of attachment device 314. Other attachment devices 314 are used in other embodiments to match different desktop, wall, or workstation configurations. For example, another possible embodiment is illustrated in FIG. 5. In some embodiments the attachment device is designed to fit between the back of a desktop and a partition wall without requiring the desktop to be dismantled from its supports.

Data packet generator 122 typically includes an identifier 420, such as a serial number or other identifier. In some embodiments the identifier 420 is printed on housing 302. In other embodiments identifier 420 is stored in memory of data packet generator 122. Yet another possible embodiment includes an RFID tag that is configured to transmit identifier 420 to an external RFID tag reader.

FIG. 5 is a schematic perspective view of another example data packet generator 122 and desktop 204. In this example, data packet generator 122 includes housing 302 and adhesive patch 510. Desktop 204 includes a recessed region 502.

In this embodiment, data packet generator 122 is configured for insertion into recessed region 502 formed in desktop 204. In this embodiment data packet generator 122 does not include an angle bracket (e.g., angle bracket 410 shown in FIG. 4). Rather, data packet generator 122 is configured for insertion into recessed region 502 of desktop 204. Recessed region 502 has an outer periphery that is slightly larger than the outer periphery of housing 302 and typically has a depth about equal to the thickness of data packet generator 122.

An adhesive patch 510 is applied, in some embodiments, to a bottom surface of data packet generator 122. An example of an adhesive patch is a layer of material having a layer of adhesive on either side. Peel-away protective layers are used to temporarily protect and seal the adhesive layers until ready for installation, in some embodiments. After recessed region 502 is formed, the data packet generator 122 and adhesive patch 510 are inserted into recessed region 502. The bottom surface of adhesive patch 510 adheres to the bottom of recessed region 502. Data packet generator 122 is preferably positioned so that face 402 of data packet generator 122 is generally flush with the top surface of desktop 204. In some embodiments another layer is applied over the data packet generator 122, such as one or more layers of epoxy. In such embodiments, adhesive patch 510 may not be necessary, as the epoxy will supply adequate adhesion. Other embodiments include other fasteners.

Alternatively, data packet generator 122 is arranged slightly below the top surface of desktop 204 to leave room for a transparent face plate or other cover to be placed above data packet generator 122, and flush with the top surface of desktop 204.

FIG. 6 is a schematic perspective view of another exemplary embodiment of a data packet generator 600 configured for attachment to a desktop 204. In some embodiments, data packet generator 600 is integrated with other devices. For example, data packet generator 600 includes an integrated power outlet 618. In this example, data packet generator 600 includes housing 602, power source 606, output device 608, input device 610, attachment device 614, fasteners 616, and power outlet 618. In some other embodiments, data packet generator 600 is integrated with other devices such as a pencil holder, digital image picture display, or other accessory, such as the example hoteling hub 4602 shown in FIG. 46.

In this example, data packet generator 600 includes housing 602. In some embodiments, most components of data packet generator 600 are located within housing 602, but some components, such as output device 608, attachment device 614, and portions of input device 610 and power source 606, are located external to housing 602.

Power source 606 receives power from an external source, such as a wall outlet, and is partially comprised of a power cord. The power cord can be plugged into the wall outlet to receive power for data packet generator 600 as well as for power outlet 618. Some embodiments of data packet generator 600 also include a battery. Some embodiments further include a battery charger that operates to charge the battery from the power supplied by the wall outlet. The battery provides backup power to data packet generator 600 in the event that power is not available from the wall outlet. Other embodiments receive power from other sources, such as from a solar panel, power adapter, external battery, crank, or other power source.

In this embodiment, output device 608 is a display. Output device 608 operates to display a passcode periodically on the display so that it is visible to a user. In some embodiments, output device 608 is removable from housing 602. For example, output device 608 is connected via a wire so that output device 608 may be moved to a more convenient location away from housing 602. Output device 608 includes a fastener, such as an adhesive layer, a clip, or a hook-and-loop fastener layer, in some embodiments, which allows output device 608 to be arranged at a convenient location, such as on a wall of a workspace, on a computer monitor, on the desktop, or any other desired location. In another embodiment, output device 608 is a display device that receives wireless data. An example of such a display device is a smartphone.

In some embodiments, data packet generator 600 includes input device 610. Input device 610 is, for example, a communication device and cable. The communication cable is connectable to another device, such as a computer, cell phone, wireless router, or other device to enable data packet generator 600 to receive input communications. Input device 610 is used in some embodiments, for example, to synchronize data packet generator 600 with a server, to provide a new set of passcodes or a new passcode formula, or to receive other communications. In some embodiments the same input device 610 also allows data packet generator 600 to send communications to an external source.

Attachment device 614 is connected to housing 602 and configured to securely attach housing 602 to desktop 204. In this embodiment, attachment device 614 is a C-shaped bracket having a top portion, a rear portion, and a bottom portion. The rear portion has a height that is typically slightly larger than the thickness of desktop 204. Attachment device 614 is connected to the rear side of desktop 204 by arranging the attachment device 614 adjacent to desktop 204, and sliding it onto the desktop 204 until the rear portion of the attachment device comes into contact with the edge of desktop 204. Fasteners 616 are then inserted through fastener holes through the bottom portion and into the bottom surface of the desktop 204.

Power outlet 618 is provided at the face of data packet generator 600. The power outlet 618 provides an easily accessible source of power so that a user can plug in another electric-powered device to power the device.

In some embodiments data packet generator 600 is integrated with one or more other devices or components. Examples of other devices or components include any portion of a workstation (e.g., cubicle tile, wall, cabinet, etc.), a telephone, a computer, a nameplate, a pen/pencil holder, a picture frame, a clock, a cup holder, a television, a ceiling, a floor, or other devices or components. An example is shown in FIG. 49 herein.

FIG. 7 is a schematic flow chart illustrating an exemplary method 700 of operating a data packet generator. Method 700 includes operations 702, 704, 706, 708, 710, 712, and 714.

Method 700 begins with operation 702, during which a data packet generator receives a first set of passcodes. In some embodiments, a set of passcodes is received, such as from a server. The set of passcodes may include any number of passcodes. The number of passcodes is typically in a range from about 30 passcodes to about 6 million passcodes or more. If, for example, the passcode were to change once per minute, about 5.25 million passcodes would allow a data packet generator to continue operating for a period of about ten years. The set of passcodes is typically stored into memory. By receiving passcodes from the server, the data packet generator and the server are now in possession of the same set of passcodes. In some embodiments, operation 702 is performed during manufacturing of the data packet generator. In other embodiments, communication occurs across a communication network after manufacturing.

Operation 704 is next performed to synchronize the data packet generator with the server. In some embodiments, synchronization involves setting a clock of the data packet generator to match the server's clock. In other embodiments, synchronization involves identifying a start time in which to begin displaying passcodes. Further, in some embodiments, synchronization also includes identifying one of the passcodes of the set of passcodes as a current passcode. For example, the server may operate in some embodiments to maintain all data packet generators in sync. Thus, when a new data packet generator is synced, the server informs the new data packet generator of which code of the set of codes the other data packet generators are currently on (e.g., the fifth passcode), so that the new data packet generator is also synchronized with the other data packet generators (e.g., to display the fifth passcode). An advantage of such synchronization is that the server may be used, in some embodiments, to ensure that no two data packet generators will output the same passcode at the same time. However, some embodiments do allow data packet generators to display the same passcode at the same time, as described in more detail below.

In some embodiments operation 704 is performed before operation 702 to synchronize the data packet generator with the server before sending a first set of passcodes. In other embodiments operations 702 and 704 are performed simultaneously. In other embodiments the server begins to observe data packet(s) that identify a single data packet generator as being the source of the data packet(s) (such as when the serial number of the data packet generator is included within the data packet). In this scenario, one or more data packet retrievals can inform the server about the current status of the data packet passcode sequence (if such passcodes are in the data packet). Through preprogramming and memory, the server can then synchronize itself to that data packet generator so that all future passcodes from that data packet generator are predictable by the server. This is helpful, for example, in the case of data packet generators that are programmed (e.g., at the factory) to not start generating passcodes until a tab is removed from the battery.

Operation 706 is next performed to output the current passcode. In some embodiments, operation 706 involves displaying the current passcode on a display. In other embodiments, operation 706 involves generating an audible signal identifying the current passcode. In other embodiments, operation 706 involves communicating the passcode via a digital communication signal or by using another output device.

After the passcode has been output, method 700 pauses to wait for a time period to elapse with operation 708. The time period defines how frequently the passcode is changed to a new passcode. A benefit of changing the passcode periodically is that it prevents someone from viewing a passcode on a data packet generator and then later using it in an unauthorized manner from a different location. In general, the more frequently the passcode is changed, the more difficult it would be for someone to use the passcode at a different location. The period of time used in operation 708 is typically in a range from about 10 seconds to about 1 hour, and preferably from about 30 seconds to about 2 minutes. In some embodiments, the time period is about one minute, such that the passcode is updated about once per minute. One minute is typically a sufficient amount of time for a user to manually enter a passcode.

Once the time period has elapsed, operation 710 is performed to determine whether the current passcode is the last of the first set of passcodes. If so, operation 714 is performed to bring method 700 to an end. Alternatively, method 700 returns to the first passcode and displays the same passcodes again beginning with operation 706. In yet another embodiment, a user alert is provided to inform the user that all passcodes have been exhausted. In a further embodiment, the data packet generator initiates communication with a server to obtain a second set of passcodes and restarts method 700 to obtain the second set of passcodes.

If further passcodes remain, operation 712 is performed to increment the current passcode to the next passcode of the first set of passcodes. Method 700 then returns to operation 706 where the next passcode is displayed as the current passcode.

FIG. 8 is a schematic flow chart of an exemplary method 800 of operating a data packet generator. Method 800 includes operations 802, 804, 806, 808, 810, 812, and 814.

Method 800 begins with operation 802 that stores a code generation algorithm. In some embodiments, the code generation algorithm is programmed into the data packet generator during manufacturing and is stored in memory. In other embodiments, the code generation algorithm is received through an input device subsequent to manufacturing. For example, the code generation algorithm is received from another device, such as a server or a computing device, and is stored in memory. In other embodiments the server begins to observe data packet(s) that identify a single data packet generator as being the source of the data packet(s) (such as when the serial number of the data packet generator is included within the data packet). In this scenario, one or more data packet retrievals can inform the server about the current status of the data packet passcode sequence (if such passcodes are in the data packet). Through preprogramming and memory, the server can then synchronize itself to that data packet generator so that all future passcodes from that data packet generator are predictable by the server. This is helpful, for example, in the case of data packet generators that are programmed (e.g., at the factory) to not start generating passcodes until a tab is removed from the battery.

The code generation algorithm is an algorithm for generating random numbers or pseudorandom numbers for use as passcodes. In some embodiments, the passcodes are generated by a known algorithm so that they can also be accurately determined or predicted by the server. In some embodiments, the code generation algorithm is cryptographically secure or substantially cryptographically secure. In some embodiments, the code generation algorithm is an algorithm for generating pseudo-random numbers. One example of a code generation algorithm utilizes a linear congruential generator (LCG) algorithm. The LCG algorithm is defined by the recurrence relation:

$$X_{n+1} = (aX_n + c) \bmod m$$

where $X_n$ is the sequence of random values, $m$ = modulus, $a$ = multiplier, $c$ = increment, and $X_0$ = the seed or start value. $m$, $a$, $c$, and $X_0$ are integer values. Other embodiments utilize other code generation algorithms, such as the Mersenne twister algorithm developed by Makoto Matsumoto and Takuji Nishimura; Blum Blum Shub developed by Lenore Blum, Manuel Blum, and Michael Shub in 1986; the Cryptographic Application Programming Interface's CryptGenRandom distributed by Microsoft Corporation; the Yarrow algorithm designed by Bruce Schneier, John Kelsey, and Niels Ferguson of Counterpane Labs and incorporated into Mac OS X; Fortuna devised by Bruce Schneier and Niels Ferguson; or other algorithms.

Another example of a code generation algorithm is the proprietary SecurID hash function developed by John Brainard, which is believed to take as an input a 64-bit secret key, unique to one single authenticator, and the current time (expressed in seconds since 1986). It then generates an output by computing a pseudo-random function based on these two input variables.

Another possible embodiment includes a hardware random number generator, such as those based on microscopic phenomena including thermal noise, the photoelectric effect, or other quantum phenomena. Examples of quantum phenomena include shot noise, nuclear decay, and the passage of photons through a semi-transparent mirror (such as used in the line of cryptography products developed by id Quantique of Geneva, Switzerland).

Some embodiments generate a passcode using base 31, rather than base 10. A base 31 code may be generated by first generating a number of appropriate length using base 10 (or binary, if desired). The number is then converted into base 31 using an appropriate conversion algorithm. Alternatively, an algorithm is used to generate a passcode in base 31 directly.

In some embodiments the actual code generation algorithm is predefined, but operation 802 involves storing the start value and any other necessary value in memory. In some embodiments the resulting number is truncated to generate a passcode of a desired number of characters. In other embodiments, two or more resulting numbers are merged to form a single passcode.

Operation 804 involves synchronizing the data packet generator with the server. In some embodiments operation 804 involves setting a clock of the data packet generator to match a clock of the server. In other embodiments, operation 804 involves identifying a time to display a first code.

In some embodiments operation 804 is performed before operation 802 to synchronize the data packet generator with the server before storing the code generation algorithm. In other embodiments operations 802 and 804 are performed simultaneously.

A passcode is then generated through operation 806 using the code generation formula of operation 802. The passcode is typically stored in memory after being generated.

Once the passcode has been generated it is output in operation 808. In some embodiments operation 808 involves displaying the passcode. In other embodiments the passcode is communicated in another manner, as discussed herein.

After the passcode is output, operation 810 is performed to wait until a predetermined time period has elapsed. In some embodiments the passcode output in operation 808 is only valid during this time period.

After the time period has elapsed, operation 812 is performed to determine whether the data packet generator has reached an end of life. In some embodiments data packet generators are configured to operate only for a predetermined life span. For example, the life span is typically in a range from about one hour (such as for a data packet generator given to guests on a temporary basis) to about ten years. Other embodiments have other life spans outside of this range. Added security is achieved in some embodiments by limiting the life of data packet generators to a predetermined duration. If the end of life has been reached, operation 814 is performed to terminate operation of the data packet generator. In some embodiments a warning or alert is given to the user. In further embodiments a user alert is provided in advance of the end of life of the data packet generator.

If the end of life has not been reached, method 800 returns to operation 806 to generate the next passcode, which is subsequently output in operation 808.

In some embodiments data packet generators do not have a predetermined life span. As a result, some embodiments of method 800 perform operation 806 immediately following operation 810 rather than performing the end of life check of operation 812.
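The following sketch of method 800 is an added example, not code from the patent: a generator and a server share a seed and start time, derive the passcode for each time period from the LCG recurrence, truncate it to base 31, and the server validates a submitted passcode by predicting it. The LCG constants, the 31-character alphabet, the six-character length, the `drift_steps` tolerance and all class and function names are assumptions made for illustration.

```python
import hmac

# Assumed LCG constants (a, c, m); the page gives the recurrence but no values.
LCG_A, LCG_C, LCG_M = 1664525, 1013904223, 2**32
# Assumed 31-symbol alphabet (look-alike characters 0, 1, I, O, Z dropped).
ALPHABET = "23456789ABCDEFGHJKLMNPQRSTUVWXY"
CODE_LEN = 6  # assumed passcode length in characters


def lcg_at(seed, n):
    """Return X_n for X_0 = seed by composing x -> a*x + c with itself (O(log n)).

    This lets the server predict the passcode for any period without replaying
    every earlier step. Note that an LCG is not cryptographically secure: its
    future outputs follow from its state, so the page's "cryptographically
    secure" embodiments would use a keyed function in place of this one.
    """
    acc_a, acc_c = 1, 0            # identity map x -> x
    a, c = LCG_A, LCG_C            # map covering 2**i steps
    while n:
        if n & 1:
            acc_a, acc_c = (a * acc_a) % LCG_M, (a * acc_c + c) % LCG_M
        a, c = (a * a) % LCG_M, (a * c + c) % LCG_M
        n >>= 1
    return (acc_a * seed + acc_c) % LCG_M


def to_base31(value, length=CODE_LEN):
    """Convert to base 31, keeping only the `length` low-order digits (truncation)."""
    out = []
    for _ in range(length):
        value, digit = divmod(value, 31)
        out.append(ALPHABET[digit])
    return "".join(reversed(out))


class Generator:
    """Device side: stored seed (802), synced start time (804), fixed period (810)."""

    def __init__(self, seed, start_time, period=60, life_span=None):
        self.seed, self.start_time = seed, start_time
        self.period, self.life_span = period, life_span

    def passcode(self, now):
        """Passcode for the period containing `now`; None before start or after end of life."""
        elapsed = now - self.start_time
        if elapsed < 0 or (self.life_span is not None and elapsed >= self.life_span):
            return None  # operation 814: generator has terminated
        step = int(elapsed) // self.period
        return to_base31(lcg_at(self.seed, step + 1))  # X_0 itself is never shown


class Server:
    """Server side: holds the same parameters per serial number and predicts codes."""

    def __init__(self):
        self.devices = {}

    def enroll(self, serial, seed, start_time, period=60, life_span=None):
        self.devices[serial] = Generator(seed, start_time, period, life_span)

    def validate(self, serial, code, now, drift_steps=0):
        """Accept `code` if it matches the predicted passcode for `now`.

        drift_steps (an assumption, default 0) also accepts that many adjacent
        periods to tolerate clock drift between generator and server.
        """
        device = self.devices.get(serial)
        if device is None:
            return False
        submitted = code.upper().encode()
        for offset in range(-drift_steps, drift_steps + 1):
            expected = device.passcode(now + offset * device.period)
            # Constant-time comparison avoids leaking how many characters matched.
            if expected is not None and hmac.compare_digest(expected.encode(), submitted):
                return True
        return False


if __name__ == "__main__":
    start = 1_000_000  # constructed sync time, in seconds
    dev = Generator(seed=20080820, start_time=start, period=60, life_span=3600)
    srv = Server()
    srv.enroll("SN-0001", 20080820, start, 60, 3600)
    code = dev.passcode(start + 250)
    print(code, srv.validate("SN-0001", code, start + 290))   # same period
    print(code, srv.validate("SN-0001", code, start + 301))   # next period
```

With `drift_steps=0` a passcode is valid only during the period in which it was output, matching the strictest embodiment described above.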

Other embodiments of data packet generators operate in different manners than illustrated in FIGS. 7 and 8. Some embodiments have additional features. For example, some data packet generators include a tamper sensor (e.g., 312, shown in FIG. 3) that, in some embodiments, causes the data packet generator to cease functioning if tampering is detected. Other embodiments include more or fewer features, methods, and processes.

FIG. 9 is a functional block diagram of an exemplary computing device 120. In some embodiments, computing device 120 includes server communication module 900, authentication module 902, and data packet generator communication module 904. Not all modules are included in all embodiments of computing device 120, and some embodiments include additional modules.

Server communication module 900 operates, in some embodiments, to control communications between computing device 120 and server 108 across network 106 (shown in FIG. 1). In some embodiments, server communication module 900 is a Web browser that receives data defining one or more Web pages from server 108 and displays the Web pages to the user. In other embodiments, server communication module 900 is a custom software module that communicates with server 108 according to a defined network communication protocol.

Authentication module 902 operates to require authentication from a user of computing device 120. In some embodiments, authentication module 902 operates to require authentication before allowing access to a protected resource. For example, in some embodiments authorization module 902 is configured to generate a user interface display when a user starts the computing device. (An example user interface display that is generated by authentication module 902 in some embodiments is shown in FIG. 14.) The authentication module 902, in some embodiments, prevents a user from accessing protected resources on the computing device (or on the network) until proper authentication has been provided, such as a valid passcode. For example, once a passcode is entered, the authorization module 902 operates to request validation of the passcode, by sending the passcode to the server using server communication module 900. If validated, the server returns a validation message that is delivered to the authorization module 902. Upon receiving the validation message, the authorization module 902 allows the user to access the protected resource. Other embodiments operate in other manners, such as discussed herein.

Some embodiments of authentication module 902 require that a passcode be entered, but do not validate the passcode, and/or do not prevent access if an invalid passcode is entered. Although such embodiments may not be used for very high security applications, such embodiments may be used for data logging or other purposes. For example, data may be gathered and stored in memory relating to general space utilization. When a passcode is entered, data is stored identifying the location of the user. The location data may be used to identify spaces that are highly used, or spaces that are infrequently used, for example. In this example, the passcode is not being used for security purposes, and therefore need not prohibit access to resources upon entry of an invalid passcode. Rather, the data associated with an invalid code is discarded or stored as an erroneous entry. Alternatively, an algorithm is used in some embodiments to identify the data packet generator based on the invalid code, such as by identifying a data packet generator that had a code that was very similar to the code entered by the user. If a subsequent report (e.g., a space usage report) is generated based on the data, the data associated with an invalid code may be ignored for generating space usage reports.

In some embodiments authentication module 902 is not required, such as if the protected resource is located on a server (e.g., 108) rather than on computing device 120. For example, if server 108 is a Web service, authentication may be handled by server 108 through a Web browser of server communication module 900, rather than locally on computing device 120.

Some embodiments of computing device 120 include a data packet generator communication module 904. The data packet generator communication module 904 operates to communicate with one or more data packet generators. In some embodiments, a data packet generator (e.g., 122, shown in FIG. 1) is communicatively or otherwise coupled to computing device 120, such as via wires or wirelessly or by being built into the computing device hardware or software. A data communication protocol is typically used to communicate data between the data packet generator communication module and the data packet generator.

In its most basic hardware configuration, computing device 120 typically includes a processing device, memory, and a communication device. Other embodiments include other components. A processing device is a device that processes a set of instructions. One example of a processing device is a microprocessor. Alternatively, various other processing devices may also be used including central processing units (“CPUs”), microcontrollers, programmable logic devices, field programmable gate arrays, digital signal processing (“DSP”) devices, and the like. Processing devices may be of any general variety such as reduced instruction set computing (RISC) devices, complex instruction set computing devices (“CISC”), or specially designed processing devices such as an application-specific integrated circuit (“ASIC”) device. A more detailed explanation of an example architecture of computing device 120 is provided below with reference to FIG. 52.

Examples of memory include volatile (such as RAM) and non-volatile (such as ROM and flash) memory. In some embodiments, memory is part of the processing device, while in other embodiments memory is separate from or in addition to that of the processing device.

In some embodiments, computing device 120 also includes one or more additional storage devices. Storage devices typically store digital data. For example, some embodiments of computing device 120 include removable storage or non-removable storage, including, but not limited to, magnetic or optical disks or tape.

In some embodiments, memory and/or the storage device store data instructions including one or more of an operating system, application programs, other program modules, and program data. Modules 900, 902, and 904 are instructions stored in memory, the storage device, or other computer-readable storage media in some embodiments.

FIG. 10 is a functional block diagram of an exemplary server 108. In some embodiments, server 108 includes computing device communication module 1000, passcode validation module 1002, and data packet generator manager 1004. Data packet generator manager 1004 includes data packet generator database 1006.

Computing device communication module 1000 is a module that communicates with computing devices, such as computing devices 120 and 130 (shown in FIG. 1). In some embodiments, computing device communication module 1000 is a Web server that communicates data to computing devices that is displayed as a Web page by a Web browser. In other embodiments, computing device communication module 1000 is a custom software module that communicates with a computing device according to a defined network communication protocol.

Passcode validation module 1002 operates to receive a passcode, such as from the computing device communication module 1000 (which itself typically receives the passcode from a computing device), and to determine whether the passcode is valid. In some embodiments passcode validation module 1002 utilizes data packet generator manager 1004 and data packet generator database 1006 to determine if a passcode is valid. In some embodiments passcode validation module 1002 generates a validation output or a non-validation output and communicates that output to computing device communication module 1000, where it is in turn communicated to the respective computing device to inform the computing device whether or not the passcode was validated. In some embodiments passcode validation module 1002 accesses a lookup table in data packet generator database 1006 to determine if the passcode is valid. In other embodiments, passcode validation module computes the current passcode for a particular data packet generator (such as based on the known or expected location of the data packet generator, or based on the serial number or other identifier of the data packet generator) and compares the current passcode with the received passcode to determine whether or not the passcode is valid. Other embodiments of passcode validation module operate in other manners, such as discussed herein.

Data packet generator manager 1004 operates to manage data packet generators. In some embodiments the data packet generator manager 1004 operates to oversee all active data packet generators, such as to maintain a list of all active data packet generators. In some embodiments data packet generator manager 1004 is used to initialize a data packet generator to define the passcodes that will be generated by the data packet generator. Some embodiments control or change the operation of a data packet generator by communicating with the data packet generator through computing device communication module 1000 and a computing device. Data packet generator manager 1004 operates in some embodiments to deactivate data packet generators (either by causing server 108 to no longer validate passcodes generated by the data packet generator, or by communicating with the data packet generator to cause the data packet generator to stop generating passcodes), such as if tampering is detected or suspected, or if appropriate subscription fees have not been paid. Other management features are performed by data packet generator manager in some embodiments.

In some embodiments data packet generator manager 1004 includes data packet generator database 1006. Data packet generator database includes an identifier of all active data packet generators (such as a serial number) and includes data relating to the passcodes generated by the respective data packet generator. Further, some embodiments include an identification of the location of the data packet generator (such as a room number, address, or other identification). In some embodiments data packet generator database 1006 includes a list of all passcodes that will be generated by the data packet generator. In other embodiments the data includes an algorithm for computing the passcodes. In yet other embodiments, the data includes parameters that are used with an algorithm for computing the passcodes. An example of a parameter is a seed. In some embodiments, data packet generator database includes additional or different information, such as a log of all attempted passcode validations, user information, data packet generator information (such as when the data packet generator first began operating), or any other desired information. One example of a data packet generator database is a CAFM system. CAFM systems are used, in some embodiments, to record the location of data packet generators, or other data from data packet generators.

As noted above, in some embodiments server 108 is a computing device having a hardware configuration as discussed above with respect to computing device 120. Other embodiments have other configurations.

FIG. 11 is a flow diagram of an exemplary method 1100 of operating server 108 (shown in FIG. 10). For example, method 1100 is performed by passcode validation module 1002 (also shown in FIG. 10) in some embodiments. Method 1100 includes operations 1102, 1104, 1106, and 1108.

Method 1100 begins with operation 1102 when a passcode validation request is received. In some embodiments, the passcode validation request includes a passcode. In some embodiments the passcode validation request is received from a computing device (e.g., 120). For example, the authorization module 902 generates the request and communicates the request to server 108 through server communication module 900 (shown in FIG. 9). In some embodiments either the passcode or the passcode validation request is encrypted.

Operation 1104 is then performed to determine whether the passcode is valid. In some embodiments, operation 1104 involves comparing the passcode with a set of passcodes in a lookup table of a data packet generator database. Other validation processes are used in other embodiments, such as described herein. If the passcode or passcode validation request is encrypted, operation 1104 involves decrypting the passcode or passcode validation request.

If operation 1104 determines that the passcode is invalid, operation 1106 is then performed. During operation 1106, a response is sent to the initiator of the passcode validation request to inform the initiator that the passcode validation was unsuccessful.

If operation 1104 determines that the passcode is valid, operation 1108 is then performed. During operation 1108, a response is sent to the sender of the passcode validation request informing the sender that the passcode validation was successful. In some embodiments a key, password, or other information is communicated with the response. In some embodiments granting access to resources is itself a communication of successful passcode validation.

Method 1100 is typically performed when a protected resource resides on or is accessible through a computing device.

FIG. 12 is a flow chart of an exemplary method 1200 of controlling access to a protected resource. Method 1200 includes operations 1202, 1204, 1206, 1208, 1210, and 1212. In some embodiments, method 1200 is used when a protected resource is located on a server, such as server 108 (shown in FIG. 1).

Method 1200 begins with operation 1202 to detect an attempt to access a protected resource. In some embodiments, logging into a private Web site is an attempt to access a protected resource. In other embodiments, a request to open or otherwise access or modify a file is an attempt to access a protected resource. A protected resource is, for example, a computing device function or data accessible through a computing device that is not generally available to the public and therefore has at least some access restrictions. Operation 1202 continues until an attempt to access a protected resource is detected.

Operation 1204 operates to request a passcode before allowing access to the protected resource. In some embodiments, operation 1204 involves generating a login request that is displayed as a Web page including a field in which a user is prompted to enter a passcode displayed by a nearby data packet generator. In other embodiments, the passcode request is a message that is sent across a network causing a computing device to prompt the user for a passcode.

After the passcode is requested in operation 1204, operation 1206 is performed to wait for the passcode to be received. For example, upon being prompted to enter the passcode, a user uses an input device of a computing device to enter the passcode currently displayed on a data packet generator. In another embodiment, a user presses a button on the data packet generator to cause the data packet generator to send the passcode to a server. In yet another embodiment, the computing device communicates with the data packet generator to receive the passcode directly from the data packet generator. In any event, the passcode from the data packet generator is communicated back to the server.

After the passcode is received, operation 1208 is performed to determine whether the passcode is valid. If operation 1208 determines that the passcode is not valid, operation 1210 is performed in some embodiments. Operation 1210 typically includes informing the user that the passcode was incorrect. Operation 1204 is then performed to again request a passcode from the user. Additionally, operation 1210 may operate to block access to the protected resource. In another embodiment, method 1200 flows directly from operation 1208 to operation 1204 without operation 1210 upon a determination that the passcode is not valid.

If the passcode entered is determined valid in operation 1208, then operation 1212 is performed to allow access to the protected resource. In some embodiments, operation 1212 operates to communicate the requested data to a computing device, or to perform a requested function.

In a further embodiment, access to protected resources is controlled based on a security level of the respective protected resource. In some embodiments, if a protected resource has a low security level, for example, the method does not prohibit access to the protected resource due to an invalid passcode entry. If the protected resource has a high security level, the method does prohibit access to the protected resource due to an invalid passcode entry.

Some embodiments of method 1200 do not involve operation 1210, and do not require that a user reenter a passcode after determining that a passcode entered is incorrect. Such an embodiment, for example, stores information for any valid data code entered, but ignores invalid data code entries. The data is useful, for example, for providing general space utilization information as discussed in more detail below.

FIG. 13 is a flow chart illustrating an exemplary method 1300 of identifying a data packet generator. Method 1300 includes operations 1302, 1304, 1306, 1308, 1310, 1312, 1314, 1316, and 1318. In some embodiments, passcodes generated by more than one data packet generator have the potential of being the same code at the same time. As a result, method 1300 is used in some embodiments to identify a particular data packet generator from multiple possible data packet generators.

Method 1300 begins with operation 1302 in which a first passcode is received.

Operation 1304 is then performed to identify the specific data packet generators that are currently generating that passcode. If no data packet generators are generating the passcode, operation 1306 is performed. If exactly one data packet generator is generating the passcode, operation 1308 is performed. If more than one data packet generator is generating the passcode, operation 1310 is performed.

Operation 1306 is performed to identify the passcode as an invalid passcode if no data packet generators are currently displaying the passcode. In some embodiments, a user is prompted to reenter the passcode.

Operation 1308 is performed to identify a valid passcode if only a single data packet generator is currently generating the passcode. In that case, the particular data packet generator is then identified.

If more than one data packet generator is currently generating the passcode received in operation 1302, then operations 1310, 1312, and 1314 are performed.

In operation 1310 a list of all data packet generators that are currently generating the passcode is stored to identify all of the potential data packet generators associated with the passcode.

Operation 1312 is then performed to request and receive an additional passcode. In some embodiments a user may need to wait for a period of time until the next or another passcode is displayed.

Operation 1314 is then performed to evaluate the second passcode. In particular, operation 1314 determines the specific data packet generators that are currently generating the second passcode from the narrowed list of potential data packet generators that had previously generated matching codes. If no data packet generators are generating the second passcode, then operation 1316 is performed. If only a single data packet generator is generating the second passcode, then operation 1318 is performed. If more than one data packet generator is currently generating the second passcode, then method 1300 returns to operation 1310.

If no data packet generators are generating the second passcode, operation 1316 is performed to identify the second passcode as an invalid passcode. In some embodiments, a user is then prompted to reenter the passcode. In other embodiments, method 1300 terminates and the user has the option of resubmitting a new passcode to restart method 1300 at operation 1302.

If only a single data packet generator is generating the second passcode, operation 1318 is performed to identify the passcode as a valid passcode. In addition, operation 1318 identifies the data packet generator.

If more than one data packet generator is generating the second passcode, then method 1300 returns to operation 1310 to repeat operations 1310, 1312, and 1314 until the data packet generator is uniquely identified. In some embodiments, the reduced list of potential data packet generators (the list previously stored in operation 1310) is analyzed to determine when an additional passcode sampling can be taken without encountering additional duplications.

In some embodiments, once a data packet generator is identified, additional information about the data packet generator is also known. For example, in some embodiments the location of the data packet generator is retrievable from a data packet generator database (e.g., 1006, shown in FIG. 10).
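The narrowing loop of method 1300 (operations 1302 through 1318), together with the search for a sampling time free of duplications, can be sketched as follows. This is an added illustration, not code from the patent: the HMAC-based passcode derivation, the 60-second period, the two-digit code length (chosen so that collisions occur) and all serials, seeds and locations are constructed assumptions.

```python
import hashlib
import hmac
from collections import defaultdict
from dataclasses import dataclass

STEP_SECONDS = 60   # assumed passcode period
CODE_DIGITS = 2     # deliberately short so that collisions occur in this demo


@dataclass(frozen=True)
class Generator:
    serial: str
    seed: bytes      # per-device parameter held in the generator database
    location: str


# Constructed database of 40 generators (serials, seeds and rooms are made up).
DB = [Generator(f"SN{i:03d}", f"constructed-seed-{i}".encode(), f"Room {100 + i}")
      for i in range(40)]


def passcode(gen, t):
    """Passcode shown by `gen` at Unix time `t` (assumed HMAC-SHA256 derivation)."""
    step = int(t) // STEP_SECONDS
    mac = hmac.new(gen.seed, step.to_bytes(8, "big"), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10 ** CODE_DIGITS).zfill(CODE_DIGITS)


def identify(db, submissions):
    """Operations 1302-1318: narrow the candidate list with each (code, time) pair.

    Returns ("invalid", []), ("identified", [gen]) or ("need_more", candidates).
    """
    candidates = list(db)
    for code, t in submissions:
        candidates = [g for g in candidates
                      if hmac.compare_digest(passcode(g, t).encode(), code.encode())]
        if not candidates:
            return "invalid", []             # operations 1306 / 1316
        if len(candidates) == 1:
            return "identified", candidates  # operations 1308 / 1318
    return "need_more", candidates           # operation 1310: the stored list


def next_unambiguous_time(candidates, t, max_steps=1000):
    """First later period in which every stored candidate shows a distinct code."""
    start = int(t) // STEP_SECONDS + 1
    for step in range(start, start + max_steps):
        codes = {passcode(g, step * STEP_SECONDS) for g in candidates}
        if len(codes) == len(candidates):
            return step * STEP_SECONDS
    raise LookupError("no duplication-free period found")


def first_collision(db, t, max_steps=1000):
    """Demo helper: first period at or after `t` where generators share a code."""
    start = int(t) // STEP_SECONDS
    for step in range(start, start + max_steps):
        shown = defaultdict(list)
        for g in db:
            shown[passcode(g, step * STEP_SECONDS)].append(g)
        for group in shown.values():
            if len(group) > 1:
                return step * STEP_SECONDS, group
    raise LookupError("no collision found")


if __name__ == "__main__":
    t1, group = first_collision(DB, 1_700_000_000)
    user_device = group[0]
    print(identify(DB, [(passcode(user_device, t1), t1)])[0])
    t2 = next_unambiguous_time(group, t1)
    status, found = identify(DB, [(passcode(user_device, t1), t1),
                                  (passcode(user_device, t2), t2)])
    print(status, found[0].serial, found[0].location)
```

Once a single generator remains, its `location` field stands in for the database lookup described above.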

An alternative embodiment can be used to uniquely identify a person that is transient. For example, if a security guard is walking around a building while using the authorization system, it may be impractical to require the security guard to return to a previous location to enter a second or subsequent passcode in operation 1312. This alternative embodiment allows the user to enter a second or subsequent passcode from another location, provided that the next location is within a particular range from the first location. For example, after a user enters a first passcode, the system then prompts the user to enter a second passcode (e.g., via a handheld computing device). The user then locates a nearby data packet generator and enters the associated passcode. The server determines the amount of time between the first passcode entry and the second passcode entry and, using an estimated maximum walking speed, determines whether or not the second passcode entry is within a range that the user could have walked to. If so, the second passcode entry is accepted. Since it is unlikely that two or more data packet generators would both (i) display the same passcode at the same time, and (ii) have a nearby data packet generator that displays the same second passcode at the same time, the server will typically be able to uniquely identify the data packet generators that are being used. However, if the server is unable to uniquely identify the data packet generators, the process is repeated with additional passcodes until the data packet generators are uniquely identified.
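The walking-range test for a transient user can be expressed as a filter over pairs of candidate generators. The following is an added sketch, not code from the patent: the floor-plan coordinates in metres, the serials and the 1.5 m/s maximum walking speed are constructed assumptions, and the two candidate lists are taken as already produced by the passcode lookup of operation 1304.

```python
import math

MAX_WALK_MPS = 1.5  # assumed estimate of maximum walking speed, metres per second

# Constructed floor-plan coordinates (metres) for five hypothetical generators.
POSITIONS = {
    "SN-A": (0.0, 0.0),
    "SN-B": (30.0, 40.0),    # 50 m from SN-A
    "SN-C": (400.0, 300.0),  # 500 m from SN-A
    "SN-D": (403.0, 304.0),  # 5 m from SN-C
    "SN-E": (0.0, 90.0),     # 90 m from SN-A
}


def reachable_pairs(first, second, elapsed_s, positions=POSITIONS, speed=MAX_WALK_MPS):
    """Pairs (a, b) where b lies within walking range of a after `elapsed_s` seconds.

    `first` and `second` are the serials currently showing the first and the
    second passcode the user entered.
    """
    if elapsed_s < 0:
        raise ValueError("second entry cannot precede the first")
    radius = speed * elapsed_s
    return [(a, b)
            for a in first
            for b in second
            if math.dist(positions[a], positions[b]) <= radius]


def resolve(first, second, elapsed_s, positions=POSITIONS, speed=MAX_WALK_MPS):
    """Accept, reject or ask for another passcode based on the reachable pairs."""
    pairs = reachable_pairs(first, second, elapsed_s, positions, speed)
    if not pairs:
        return "rejected", []       # second entry is outside walking range
    if len(pairs) == 1:
        return "identified", pairs  # both generators uniquely identified
    return "need_more", pairs       # repeat with an additional passcode


if __name__ == "__main__":
    # First code is shown by SN-A and SN-C; 40 s later the second code is
    # shown by SN-B and SN-E. Only SN-A -> SN-B is within 60 m.
    print(resolve(["SN-A", "SN-C"], ["SN-B", "SN-E"], 40))
    # Both SN-A -> SN-B and SN-C -> SN-D are plausible: another code is needed.
    print(resolve(["SN-A", "SN-C"], ["SN-B", "SN-D"], 40))
```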

In another possible embodiment, a passcode received in operation 1302 is compared with known information. For example, if the user also provides a user ID, known information about the user can be compared with the list of data packet generators that are generating the passcode (operation 1304). For example, if multiple data packet generators are generating the same passcode provided by the user, but one of the data packet generators is located within the user's private workspace, some embodiments will not require additional passcodes. Rather, the system will assume that the user is working from the private workspace. Similarly, if one data packet generator is located in the user's home facility in Minneapolis and another is located in Phoenix, some embodiments will assume that the user is in the home facility and will not require additional passcodes.

In some embodiments, a data packet generator is first identified by receiving the serial number from the data packet generator. The serial number provides a preliminary indication of the identity of the data packet generator. The passcode is then evaluated and a determination is made as to whether the passcode matches a passcode that is expected from the data packet generator having the provided serial number. If so, the data packet generator is uniquely identified and no further evaluation may be needed. Alternatively, the evaluation of the serial number can be performed after the initial evaluation of the passcode, such as after operation 1304 has identified that more than one data packet generator is expected to be generating the passcode at a given time.

FIG. 14 is a screen shot of an exemplary user interface 1400 according to some embodiments of the present disclosure. User interface 1400 is, for example, a user interface as displayed by computing device 120 to a user. User interface 1400 includes a username prompt 1402, password prompt 1404, and passcode prompt 1406. Each prompt includes a corresponding data entry field 1412, 1414, and 1416. User interface 1400 also includes buttons, such as submit button 1420 and cancel button 1422. In some embodiments user interface 1400 further includes a message display window 1430.

User interface 1400 is typically displayed by an output device, such as a computer monitor, although other output devices are used in some embodiments. User interface 1400 is a Web page displayed by a Web browser application in some embodiments. In other embodiments user interface 1400 is a screen of a software application other than a Web browser. In yet other embodiments, user interface 1400 is a screen generated by an operating system.

In some embodiments, user interface 1400 is displayed to a user to request the user's username and password. The username is entered into username field 1412 and the password is entered into password field 1414. User interface 1400 further requests that the user enter the passcode from a nearby data packet generator. The passcode is entered into passcode field 1416.

After entering data into the appropriate fields, the user clicks on submit button 1420 to submit the information. In some embodiments, clicking on the submit button causes the computing device (e.g., computing device 120, shown in FIG. 1) to transfer the data to a server (e.g., server 108, shown in FIG. 1).

Alternatively, cancel button 1422 is selected to cancel submission of data. In some embodiments, a user is then returned to a prior user interface window, or the user interface 1400 is closed.

In some embodiments, message display window 1430 is included in user interface 1400. Message display window 1430 operates to display a message to the user. An example of such a message is a request to reenter a passcode, such as upon entry of an invalid passcode. Any other desired message may be displayed in message display window 1430.

In some embodiments, user interface 1400 is a virtual wall. The virtual wall is activated when a user attempts to access a protected resource on the computer system or on the network. For example, if the user attempts to access a protected file, software application, computer, device, or other protected resource, a virtual wall such as user interface 1400 is displayed. In some embodiments the virtual wall is a pop-up window that fills the entire screen. The virtual wall requires the user to enter information sufficient to validate that the user is authorized to access the protected resource, or to cancel the attempt to access the protected resource. Data is logged in some embodiments to record a potential attempt to access the unauthorized protected resource.

In some embodiments the passcode (or other data) is provided automatically by the data packet generator, such that the user does not need to enter the passcode into field 1416. Some embodiments do not prompt the user for one or more of the username, password, or passcode. Other embodiments include other or additional fields or prompts as desired.

In some embodiments the username of the user is acquired for subsequent use. The username can be acquired in a number of possible ways. One way is to receive the username with user interface 1400 either at login and/or at another time after login. In another possible embodiment, the username is acquired by acquiring other data and looking up that data in a lookup table to find the associated username. For example, in some embodiments an identifier of a smartphone (or other mobile device) is obtained. The identifier of the smartphone is then compared to a lookup table that maps identifiers with usernames. The username is therefore identified. Other identifiers are used in other embodiments, such as a computer identifier, a data packet generator identifier, or other identifier. The identifier is then compared to a lookup table or other database that maps the identifier to a user identifier. In this way a common identifier can be used for a single user, rather than separately using a user identifier when the user is using a computing device and another identifier when the user is using another device, such as a smartphone.

FIG. 15 is a screen shot of an exemplary user interface 1500. User interface 1500 shows a floor plan for a particular building. The floor plan includes a plurality of workstations, including workstation 1502 and workstation 1504. User identifiers are associated with some of the workstations, such as user identifiers 1510 and 1512. An example graphical representation of a data packet generator 1520 is shown.

In some embodiments, user interface 1500 is a screen displayed by a Computer-Aided Design (CAD) software application configured for use in facilities management.

In some embodiments, user interface 1500 is dynamically updated to show current data. For example, a user identifier 1510 or 1512 is updated to show the name of the user that is currently using the respective workstation. In this example, John Smith (user identifier 1510) is currently using workstation 1502 and Mark Daigle is currently using workstation 1504. If either user switches to a different workstation, the user identifiers are updated to reflect the change. In addition, if no user is associated with a particular workstation, the workstation is so identified. This allows a user to be instantly located within a building and for associated records to be dynamically updated. For example, internal mail routes are updated to deliver mail to the user at their current workstation. Therefore, in some embodiments, data displayed on user interface 1500 represents real-time data. In some embodiments, real-time data includes data that was acquired within the past 24 hours. In other embodiments, real-time data includes data that was acquired within the past 12 hours, 6 hours, 4 hours, 2 hours, 1 hour, 30 minutes, 15 minutes, 10 minutes, 5 minutes, 1 minute, 30 seconds, 15 seconds, or 1 second. In other embodiments, user interface 1500 displays information based on compiled or historical data over a period of time. In yet another embodiment, user interface 1500 displays projected data, such as determined by extrapolating or projecting from real-time data and/or compiled or historical data.

In some embodiments, an occupancy field is updated with a code representing whether the workstation is unoccupied (e.g., “0” for a vacant workstation) or occupied (e.g., “1” for an occupied workstation). Further, in some embodiments real estate utilization records are updated according to the occupancy information. In some cases the capacity of a station is also considered. In this case the facilities manager typically defines the capacity. For example, if a certain cubicle can house two contractors, that cubicle is assigned a capacity of two (2). Location authentication data can then be used to reveal when this cubicle is occupied but not at full capacity.

Some embodiments include a data packet generator layer in a CAD system. The data packet generator layer identifies all of the data packet generators present in a floor plan, and includes information about the data packet generators, such as an identifier of the data packet generator (e.g., a serial number), an identification of the location of the data packet generator, a graphical representation of the data packet generator (e.g., 1520 shown in FIG. 15), and any other desired information. An example of a CAD program is a Computer Aided Facility Management (CAFM) application. Examples of commercially available CAFM systems include Tririga, Manhattan CenterStone, FM:Systems, Archibus, and others. Some embodiments utilize or interface with Integrated Workplace Management Software (IWMS). Some embodiments are Web based CAFM applications; other embodiments are local software applications. In some embodiments, one or more CAFM drawings are geospatially aligned in a GIS program. When the data packet generators are recorded as a layer in a geospatially aligned CAFM program, the latitude, longitude (and sometimes altitude) of those data packet generators can then also be known. This is useful, for example, to permit the data from data packet generators to be used by other location based applications, or vice versa. This CAFM method of retrieving real-time latitude, longitude (and sometimes altitude) allows an internal continuation of exterior GIS applications. The geospatially aligned CAFM method is used in some embodiments to acquire real-time latitude and longitude (and in some cases altitude) of a user or device or object without requiring GPS data (or in concert with GPS data), which is especially useful inside of buildings.

In some embodiments, historical trends are recorded according to user location information. Historical trend information is very valuable to a business, as it allows a business to most effectively utilize their space. Since real estate is the second largest expense for many companies, improved space utilization will sometimes save a company a large amount of money. For example, historical trend information is used to determine that a particular workstation was only occupied 10% of the time. As a result, the space may be reassigned to another user or group of users that will better utilize the space. In another example, a large space may be identified as being a candidate for subleasing opportunities if the space is only rarely used. As another example, it may be determined that a particular group needs a larger space, while another group could make do with a smaller space. A software program is used in some embodiments to automatically evaluate historical trend information to suggest improvements in space utilization efficiency.

Employee/user privacy is an important consideration. In some embodiments occupancy is tracked without identifying the particular employee. For example, in some embodiments a passcode (or data packet) is requested or received without a username or password. As a result, the occupancy, vacancy, and remaining capacity information for the station is obtainable without requiring that the employee identify themselves.

In another embodiment, user location information is tracked without storing time information. For example, some embodiments operate to avoid storing data that would identify a login and a logout time of an employee. For example, data is stored to identify occupancy information without storing the beginning and ending times that the space was occupied. Other privacy concerns should be carefully weighed to prevent employee or user privacy from being invaded.

In some embodiments, an authentication system includes a moves/adds/changes (MAC) management system. The MAC management system processes data relating to planned moves and work orders within a facility. Location information is used, for example, to identify vacant spaces as spaces to which an employee can move. It is also useful to identify potential move collisions before they occur, such as when an employee is scheduled to move into a space that is currently occupied and not itself scheduled to be vacated.

In some embodiments, an authentication system is used to identify a location for a work request. For example, when the work request is made, a data packet or passcode is also obtained automatically. Alternatively, when the work request is made, the requester provides the passcode with the request. The passcode is used to identify the location where the work is required. For example, the work request is a request for technical support made to an IT specialist. As another example, the work request is a request for medical attention. As yet another example, a work request is a request for office supplies or furniture. The person or software program receiving the request uses the passcode to identify the location for the work.

In some embodiments, location information is not used to update information dynamically, but rather to provide general space utilization data. For example, data may be gathered over a period of time (e.g., 24 hours) and then compiled into space utilization summaries over the period of time. In this example, incorrect passcode entries could be ignored, as they would likely not have a significant impact on the overall utilization statistics, at least not in a large organization.

FIG. 16 is a screen shot of an example user interface 1600 displaying an emergency alert. This example illustrates an embodiment which provides wayfinding, and more particularly interactive wayfinding. The user interface 1600 includes an emergency message 1602, custom evacuation directions 1604, and other emergency information, such as a graphic 1606. In some embodiments a software application generates and displays user interface 1600 on a computer screen of a user when an emergency is detected. The user interface provides customized information to the user to guide the user in the safest way to evacuate the building. The location of the user is determined, in some embodiments, by the server receiving a passcode that originated from a data packet generator at the user's location.

When an emergency is detected, such as a fire, user interface 1600 is displayed on the screen of the user. In some embodiments, user interface 1600 is a popup window. In other embodiments user interface 1600 is a full screen display that obscures all other information displayed on the computer screen.

The user interface 1600 may include emergency message 1602. The emergency message warns the user of the emergency and provides instructions to the user explaining what the user should do. For example, the emergency message 1602 says “EMERGENCY ALERT—A fire has been detected! Please proceed to Exit 2B.” Some embodiments provide detailed evacuation directions (e.g., “exit your office to the left, proceed to the end of the hall and exit through door 2B”). Any other information may be displayed. In this embodiment, user interface 1600 also includes custom evacuation directions 1604, which in this example provides the directions graphically, indicating that the user should exit through Exit 2B and showing the best path to take to get to the exit. The directions are customized for each user, in some embodiments. Customization may take into consideration various factors, such as the location of the fire, the number of people in a given area, and the path that others will be taking to evacuate the building. In this way, for example, a user is guided to go to Exit 2B rather than Exit 2A, because the fire is near Exit 2B (as illustrated by a “FIRE” graphic 1606). As another example, the customized directions for neighboring workspaces may also direct the users to Exit 2B so that all of the people are moving in the same direction, rather than going against the flow of evacuation. In some embodiments the evacuation plan is customized to evacuate a maximum number of people as quickly and safely as possible.

User interface 1600 may also include other information 1606, such as an identification of the location of the fire, or any other emergency information that may be helpful in safely evacuating people from the building.

In addition to guiding tenants and users, user interface 1600 is also or alternatively used in some embodiments to provide wayfinding for third parties. For example, first responders or other emergency personnel use user interface 1600 to determine what instructions have already been given, and/or to guide them to a place where their assistance is needed. In some cases the first responders may be granted independent access to the remote server (such as when an IT system at the emergency site is not operational).

Other embodiments are used for other purposes. For example, security guards are required to enter passcodes as they perform their security checks within a building. By doing so, the security guard confirms that the security guard was at a particular location at a particular time. Alternatively, the passcodes are obtained automatically by a computing device, such as a smart phone, that is carried by the security guard. This provides a method of verifying, for example, that routine security checks are performed. Similarly, other embodiments are used to confirm that a person made it to a particular location (e.g., a user made it to a location for a treasure hunt, or made it to the top of Mt. Everest, etc.).

In some embodiments a computing device is identified by a unique identifier. When a user logs into the network, for example, the server determines what device is logging in by checking the unique identifier. For example, a computer may have an identifier “473.AXZ.127.839JK8.” The computer automatically communicates the identifier without requiring a user to manually enter the identifier. Once both the identity of a device and a passcode of an associated data packet generator are known, the location of a particular device is also known. As noted above, computing devices are not only computers, but also include mobile devices such as cell phones. Further, if a computing device has a way of determining what other devices or objects are around it (such as with an RFID system, barcode scanner, etc.), this information may also be communicated to a server to identify the location of the other devices or objects as well.

FIG. 17 is a block diagram of another exemplary embodiment of an authentication system 1700. Some embodiments are alternatively referred to herein as asset management systems. Assets may include any object or device. Specifically, in some embodiments, authentication system 1700 is used to authenticate the location of something other than a user or a computer, and/or in addition to a user or a computer.

Authentication system 1700 includes data packet generator 1702, computing device 1704, object 1706 and server 1708. Data packet generator 1702, computing device 1704, and object 1706 are located within workstation 1710 in some embodiments. Server 1708 is typically not located within workstation 1710. Computing device 1704 includes an input device 1712. Object 1706 includes an identifier 1714. In some embodiments, the identifier 1714 is an asset tag 1714. In other embodiments, authentication system 1700 is used to authenticate an object, identify an object, obtain additional information about an object, or for other purposes.

In some embodiments, data packet generator 1702 operates to generate a code periodically, such as described herein. In some embodiments, data packet generator 1702 displays the code on a display that is visible to a user. In other embodiments, a code or data packet is generated by the data packet generator 1702 and communicated automatically (such as across one or more data communication wires or wirelessly) to computing device 1704 or server 1708. Data packet generator 1702 is typically attached to workstation 1710 or to a device or object within workstation 1710. In some embodiments, the location of data packet generator 1702 is known by server 1708. For example, in some embodiments the location of the data packet generator 1702 is recorded in a CAFM system when the data packet generator 1702 is installed, or in a table or database at the server 1708. In some embodiments the location is identified and/or confirmed through the use of a mesh network of data packet generators, as described in more detail herein.

In some embodiments data packet generator 1702 is integrated with computing device 1704. In other embodiments data packet generator 1702 is in data communication with computing device 1704. In yet another embodiment, data packet generator 1702 is a software module operating on computing device 1702. In another embodiment, data packet generator 1702 is in data communication with server 1708 across the network. In a further embodiment, data packet generator 1702 is a material that is configured to provide a value to computing device 1704, and computing device 1704 uses the value and the current time to compute a passcode. Examples of such a material are described below. Some of these embodiments benefit from an automated process of providing a passcode to (or generating a passcode with) a computing device without the need for a user to manually enter the passcode.

Examples of computing devices 1704 are described herein, but one example of a computing device is a handheld device (such as a handheld device used for computer aided facility management). Computing device 1704 is configured to communicate with server 1708, such as across a network. Computing device 1704 includes an input device 1712 that is used to read an identifier 1714 associated with object 1706. In the illustrated embodiment, input device 1712 is a barcode reader. In other embodiments, input device 1712 is another input device, such as a keyboard, mouse, touch screen display, charge-coupled device (CCD), scanner, RFID reader, or other input device.

Object 1706 is any movable object where the location of the object 1706 is desired to be known or tracked. Examples of object 1706 include a box, sheet of paper, piece of mail, printed document, file, electronic device (such as a monitor, television, video projector, VOIP telephone, etc.), artwork, workstation component, machine part, machine, etc.

Object 1706 includes an identifier 1714. An example of identifier 1714 is a barcode. Other examples of identifier 1714 include an identification number, a serial number, a symbol, a name, or any other identifier. In some embodiments the identifier is a part of object 1706, in other embodiments the identifier is printed on object 1706, printed on a label adhered to object 1706, or stored within a device in or attached to object 1706 (such as an RFID tag), or otherwise associated with object 1706.

In some embodiments identifier 1714 is an asset tag, such as an RFID tag or an asset tag configured to communicate according to one or more of the 802.11 wireless communication protocols.

Examples of server 1708 are described herein. Server 1708 operates to validate a passcode as being generated by data packet generator 1702.

In some embodiments, location authentication system 1700 operates to authenticate the location of object 1706. Some embodiments include a method of authenticating the location of object 1706 including some or all of the following operations.

In this example, object 1706 is first brought into or near to workstation 1710. In some embodiments a computing device is initially authenticated as being at a particular location, such as by entering a passcode into the computing device. Once the location of the computing device is known, then the objects (e.g., object 1706) may also be authenticated as being at that location. For example, a user operates computing device 1704 to input object identifier 1714 into computing device 1704. Alternatively, if the location of the computing device is not initially authenticated, the user may also enter a passcode along with the object identifier to provide location information. In some embodiments, barcode reader 1712 is used to scan identifier 1714 to input the object identifier 1714 into computing device 1704.

In another embodiment, a passcode is automatically provided by data packet generator 1702 into computing device 1704. In another embodiment, data packet generator 1702 is a software module operating on computing device 1704 that generates the passcode. The passcode is authenticated by server 1708.

Upon validation of the passcode from data packet generator 1702 and receipt of a valid object identifier 1714 (which in some embodiments is itself validated by server 1708), the location of object 1706 is validated as being within workstation 1710. In some embodiments, a check-in process is used when an item arrives at the workstation. In other embodiments, a check-out process is also or alternatively used to identify when an item leaves the workstation.

In another possible embodiment, the data packet generator 1702 is configured to receive a message from server 1708 (such as across the network, via computing device 1704, or from another data packet generator) to check for asset tags 1714 in the vicinity of the data packet generator 1702. Upon receipt of the message, data packet generator 1702 checks for asset tags 1714. Alternatively, data packet generator 1702 is configured to automatically check for asset tags periodically or at a predetermined time.

To check for asset tags 1714, in some embodiments the data packet generator 1702 transmits a message wirelessly and monitors for a response. Alternatively, rather than transmitting a message, data packet generator 1702 monitors for a wireless transmission from asset tags 1714, which operate to broadcast information periodically or at a predetermined time. The received information is then stored by the data packet generator 1702, and in some embodiments is transmitted back to server 1708.

If object 1706 is moved to another location, any of the processes described above are used to update the location of the object as being at the new location.

Authentication of the location of an object is useful in many applications. For example, it is used in some embodiments to track the location of a file, a piece of mail, furniture, or any other object. The location may be tracked within a building, or anywhere in the world, so long as components of the location authentication system 1700 are available at the location of the object. It is recognized that the process may be automated in some embodiments, such that a user does not need to manually enter data.

Some embodiments include other features. For example, in some embodiments the system 1700 receives an input identifying where an object should be delivered to; this information is stored on the server for subsequent use. In some embodiments server 1708 retrieves the delivery information when an object is checked in and indicates at the point of delivery whether or not the object has been delivered to the correct location. Further, a summary of move information is provided to a move coordinator at the end of the move that acknowledges that every object was picked up and that every object was delivered to the appropriate location. Additional details may be stored for further reports, such as the details of when an object was picked up, who picked it up, when it was picked up, where it was delivered to (and any intermediate stops along the way), who delivered it, and what time it was delivered. If any object has not been properly moved, the information is available immediately in some embodiments, so that the object may be located.

Some embodiments of authentication system 1700 (or other embodiments described herein) are implemented in a virtual reality environment. Various virtual reality environments are currently in existence. One example is the SECOND LIFE® world. In a virtual reality environment, devices are implemented as objects in the virtual reality environment by data instructions executed by a tangible computing device, such as the computing device shown in FIG. 54 herein. The objects perform the functions described herein, but do so in some cases in the virtual reality environment, rather than in the tangible world. In some embodiments portions of authentication system 1700 (or other embodiments described herein) are at times tangible while other portions are at times objects in the virtual reality environment. Any of the objects described herein (and other objects) can similarly be represented in some embodiments as virtual objects in a virtual reality system, and utilize the systems and methods described herein.

In some embodiments the virtual reality environment is configured to display a passcode directly with a three-dimensional object. Due to the fact that computers operate to generate the three-dimensional environment, the functions of a data packet generator may be performed without the need for a virtual three-dimensional representation of a physical data packet generator. Rather, the code may be output directly, such as so that it is visible on a surface of the object. For example, a passcode is associated with a pet in some embodiments so that the passcode is visible upon close inspection of the pet. The passcode is then used in one of the various manners discussed herein, such as to determine the owner of the pet and return the lost pet to the owner.

Another possible alternative to the system illustrated in FIG. 17 is a system in which data packet generator 1702 is itself attached to or integrated with object 1706. For example, equipment in a hospital may be equipped with a data packet generator. The passcode generated by data packet generator 1702 is entered into computing device 1704 at various possible times (such as when the object is brought to a new location or when the object leaves a location). In this way the location of the object may be tracked throughout the hospital. Alternatively, the code may be provided directly to a server whenever the equipment is turned on. In some embodiments, the passcode or other data is transferred automatically from the data packet generator 1702, as discussed herein.

As employees become increasingly mobile, some employees are no longer assigned to a particular office space. Such employees may, however, wish to store a small amount of their belongings at the facility, rather than transporting everything with them each time they leave. To accommodate this, some embodiments include hoteling packages. Hoteling packages are enclosures that are each assigned to a particular person. The person can store items (including writing instruments, books, calculators, rulers, documents, or any other personal belongings or business items) in the hoteling package. In some embodiments the hoteling package includes an asset tag that identifies the hoteling package. In some embodiments the asset tag is an active device (such as a device that wirelessly transmits asset tag information), or a passive device (such as one that displays asset tag information in the form of a code or barcode). Server 108 monitors the locations of the hoteling packages using the asset tags, according to the methods described herein. In this way, the employee can leave the hoteling package at the facility when the employee leaves, and can quickly locate the hoteling package again the next time he or she returns (or remotely via a computing device). In some embodiments the hoteling package includes a slot for receiving mail, such that the hoteling package can provide the additional function of receiving mail, such as when stored in a mail room.

As mentioned above, systems and methods disclosed herein are used in some embodiments to identify the location of a telephone, such as a voice over Internet protocol (VOIP) telephone. For example, a data packet generator is integrated with a VOIP telephone or in data communication (either wirelessly or via one or more wires) with a data packet generator. Accordingly, using the systems and methods disclosed herein, the location of the VOIP telephone can be identified. This location is used to inform an emergency responder, telephone company, 911 emergency system, caller ID system (or other person or system) of where the call originated from.

FIG. 18 is a screen shot of a user interface 1800 generated by another exemplary embodiment of a location authentication system. In this example, a location authentication system is used to show the location of a person through a user interface, such as a Web site.

An example location authentication system will first be described. The location authentication system includes in some embodiments a data packet generator located at a retail establishment, such as a coffee shop. The data packet generator is, for example, hung on the wall so that it is easily visible by customers in the coffee shop. The system also includes a computing device, such as a public computer terminal supplied by the coffee shop, or a device carried by the user, such as a laptop, PDA, cell phone, or other computing device. The user uses the computing device to log into a social networking Web site, for example. In some embodiments the login process requests a username and password (although login is not needed in all embodiments, such as if the computing device has previously recognized the user) but other login processes are used in some embodiments. The login process is used to identify a user (e.g., Mark), or typically at least to associate the user with a username or other identifier. Once logged in, the site includes a module that allows the user to enter a passcode to identify the user's current location. The user initiates the module and enters the passcode displayed by the data packet generator. The Web site then validates the passcode and determines the location of the user as being at the coffee shop.

User interface 1800 is an exemplary user interface displayed by a social networking Web site. The user interface is displayed to a user of the social networking Web site, such as a friend (e.g., Sally) after the friend has logged into the Web site and initiated a module to locate Mark. The Web site includes, for example, a map displaying the location of Mark at the coffee shop located at 123 Main Street. Sally may now use this information to meet up with Mark at the coffee shop. The location authentication system may also be useful for a child to confirm their location to a parent. It is also possible for the coffee shop to have three or four of our devices next to three or four common social phrases. For example, one data packet generator is next to a phrase that says “Come meet me at this location”. Another data packet generator says, “I'm leaving this location now”. Then, when the user enters that passcode, it not only authenticates that the user was at the location but also communicates a message simultaneously. Alternatively, in some embodiments a software application identifies the available phrases automatically, such as by receiving a data packet from the data packet generator wirelessly (or via one or more communication wires). The data packet includes the respective code and the associated phrase. The software then displays the available phrases to the user, who selects the message to be communicated. In this example, the user does not have to manually enter the passcode.

Due to privacy considerations, it is strongly preferred that embodiments for locating people do so only when a person specifically wants to be located, such as when the person himself enters a code indicating a desire to be located. In addition, it is strongly preferred that such location information be provided only to a select group of people, such as a trusted group of friends. In some embodiments the information is communicated only to a single person or group of people that have been identified by the user as intended recipients of the information.

Although user interface 1800 is described above as a user interface of a Web site, other embodiments communicate information in other manners, such as through an e-mail message, a text message, and the like. Similarly, the information is used in some embodiments to communicate a message across an existing system, such as Twitter, Facebook, other social networking sites, or other communication systems.

In some embodiments described above, authentication systems are used to authenticate a location of something. Other possible embodiments involve an object identification system that may be used to authenticate the identity of an object. In such an embodiment, for example, a data packet generator is attached or otherwise connected or associated with an object. The code generated by the data packet generator may be entered into a computing device and sent to a server for validation. The server validates the code as a valid code and then retrieves an identity of the object associated with the data packet generator that generated the passcode from a database. Other information may also be associated with the object in the database, if desired. Such an object identification system is useful in a wide variety of applications. For example, a data packet generator may be connected to or integrated into a piece of artwork. The object identification system operates to authenticate the object as being a particular object, such as an original painting or sculpture by a particular artist, or a pallet used in shipping applications. In some embodiments the retrieval of data packets from data packet generators associated with the object is performed automatically. Nearly any object can be associated with a data packet generator.

Another example of an object authentication system involves a sheet of electronic paper or other display system. The electronic paper displays a document, for example, and/or also operates as a data packet generator to display a code that is updated periodically. The code may be used to authenticate the identity of the document displayed by the electronic paper. In some embodiments, the electronic paper may be used to bridge the gap between digital data on a computer and physical documents or objects. In other embodiments, a document may be printed having a static passcode printed thereon. The passcode may be used to authenticate the source of the document or other information about the document known by the server (such as the time it was printed, who printed it, etc.).

As just one example, electronic currency could be displayed on electronic paper in the form of tangible currency. The currency displays a passcode that is updated periodically that may be used to authenticate the currency. In some embodiments the tangible currency displayed on electronic paper is converted into electronic currency, such as by transferring an equation or other digital data relating to the currency to another electronic device and removing the equation or other digital data from the electronic paper. The electronic currency is transferrable, such as by transmitting the equation or other digital data across a network, such as the Internet or a telephone network. Similarly, the electronic currency is then converted back to tangible currency by transferring the equation or other digital data back to the electronic paper.

In other possible embodiments, a Web address (e.g., uniform resource locator) is printed on the document. The Web address points to a Web site that displays a dynamic passcode associated with the document. The dynamic passcode may be used for authentication as described herein. In another possible embodiment, a Web address and a code or value are printed on the document. Upon accessing the Web site identified by the Web address, the code or value is entered to enable the passcode to be displayed or generated.

Another exemplary application for an object authentication system is an Internet based lost and found. When an item is found that contains a data packet generator, the code is used to return the lost item to its rightful owner. For example, the person that finds the item (sometimes referred to herein as the finder) may read a label printed on the item that directs the finder to log onto a particular Web site. The finder does so and is then prompted to enter the code currently displayed by the data packet generator. Upon entering the code, the item is identified by a server. The server may also request information about the finder, such as a telephone number, e-mail address, or mailing address where the finder can be contacted. The server then identifies contact information associated with the original owner in the database. This information was, for example, previously provided by the original owner. The server then sends the finder's contact information to the original owner to allow the original owner to contact the finder to arrange for pickup or delivery of the object. Examples of tangible objects include electronics (computers, MP3 or MP4 players, stereos, DVD players, telephones, smart phones, etc.), valuables (jewelry, money/currency, gold, antiques), pet collars, boxes, furniture, pens, wine bottles, artwork, pavement, credit cards, currency, vehicles, phones, shoes, medical equipment, car keys, documents, chairs, pallets, cubicle parts, bricks, plates, toys, or a wide variety of other objects. Some embodiments of the Internet based lost and found operate to maintain the privacy of the original owner by not disclosing information about the owner to the finder.

Other possible embodiments involve a person or company authentication system. In this embodiment, a person or group of people can be authenticated to another person or group of people. For example, in some embodiments a person uses the authentication system to authenticate communications as being from a vendor that the person has contracted with. The vendor agrees to provide either a dynamic or static passcode in all communications with the person as a way for the person to ensure that the communication is coming from the vendor. For example, an e-mail may include a dynamic passcode (e.g., one that changes periodically) while a document may include a static passcode. When a vendor sends an e-mail message, for example, a passcode is supplied to the computing device, which is inserted or embedded into the e-mail message. When the e-mail message is received, the passcode is continually shown in the e-mail message whenever that message is read by the person. The passcode is then validated as a valid passcode by comparing the passcode shown in the e-mail to a passcode shown on the person's device. No data entry is required in some embodiments (such as if only a visual comparison is made to reassure the person). If the comparison is successful, the e-mail message is determined to have come from the vendor. Other communications may also be used. For example, a vendor employee reads the passcode into a telephone to initiate a telephone conference with the person, or the vendor sends a document that shows a timestamp and a passcode that was valid at that time. Whenever the person wants to change vendors, all vendors need to be notified and the person's data packet generator needs to be updated via an input device or replaced with new data packet generators. In this way the person remains in control of which vendors know their current passcodes.

Yet other embodiments include a time verification system. The time verification system utilizes a data packet generator to authenticate a time at which an event occurs. The time verification system includes a data packet generator in which a passcode generated by the data packet generator changes periodically, such as once per minute. In some embodiments the data packet generator is integrated into another device. One example of a device is a digital camera. When the digital camera is used to take a photograph, the digital image is stored along with a passcode provided by the data packet generator. The passcode may subsequently be used to verify the time of an event shown in the photograph. Examples of such events include a car accident to prove the time the accident occurred to an insurance company, and a wide variety of other possible events.

Many of the embodiments described herein may also be used for time verification in addition to or as an alternative to the particular uses described herein.

Yet further embodiments involve authentication of a right to access information. For example, a digital data sharing system is provided by some embodiments. In this example, a user desires to purchase a digital copy of a song from a distributor, such as through the distributor's Web site. The Web site includes an option to purchase a right to share the music with friends, such as to purchase three sharing credits to allow the user to share the song with three friends (or one friend three times, etc.). The user then downloads a digital copy of the song. The song display on the MP3 player then shows a changing code next to the title. That code is unique not only to the song purchased but also to the original buyer (in other words, somebody else purchasing sharing rights to the same song would not have the same code for the same song). Whenever the owner of the song feels so inclined, they can share the current code shown next to the title of the song with a friend. The friend enters the current code into their own device. Once the code has been authenticated by the server, the friend's device is given access to stream (not download or own) the song (such as one time during the next three days). In some embodiments, the friend cannot subsequently share the song with anyone else because the code is only valid for a short period of time. The transfer of passcode information can happen in person, via text message, over the phone, etc.

In some embodiments, sharing is initiated by the user selecting a share icon in the music library (e.g., their iTunes music library) to initiate legal sharing. Upon selecting the share icon, a message is sent to a server (e.g., the iTunes server) that indicates an intent to share a song (or collection of songs) as well as the current rolling passcode associated with the song. In some embodiments the user also enters an identifier (such as an e-mail address) of a person that the song should be shared with. The server then authenticates the rolling passcode including the original purchaser's name and whether their account is active for a charge. Once authenticated, the server then returns a message to the user's computing device, including a sharing passcode, which the user can give to a friend or other person. Alternatively, the server sends the passcode directly to the person that the song is to be shared with. In some embodiments the passcode is embedded in a link. In some embodiments the passcode is valid for a limited period of time, such as a predetermined number of minutes, hours, or days. If the passcode is used by the recipient to access the song, the sharer's account is charged and limited rights to access the music are granted to the recipient.

Some embodiments described above utilize a data packet generator that generates codes using a random number generation algorithm. In some embodiments the algorithm uses one or more input variables as inputs to the equation to calculate a passcode. The input variables are stored in memory, for example. Another possible embodiment, however, receives the input variables from another object, material, or device.

For example, if a data packet generator is attached to a desktop (such as illustrated in FIGS. 2 and 6), some embodiments of the data packet generator operate to receive an input variable from another object, such as the desktop itself. In this way the data packet generator is able to read input variables specific to the location of the data packet generator. The input variables are integrated, printed, embedded, or formed into the object, such as a desktop.

In one example, at least part of the desktop surface includes an at least partially conductive material. The conductivity of the desktop surface is made to match a predetermined conductivity (or range of conductivities). Probes from the data packet generator contact the desktop to measure a resistance between the probes, such as by applying a voltage between the probes. The resistance is measured and converted into an input variable that is then used by the random number generator. In some embodiments the data packet generator also uses the current time as an input to the random number generator, such that the result is a pseudorandom number that identifies the desktop to which the data packet generator is attached.

Another possible embodiment involves a series of dots on the surface of the object, such as a desktop. The dots are made of conductive polymers (such as polythiophenes, polypyrroles, etc.) or nonconductive polymers. The conductivity (or lack thereof) between any two of the dots is used to encode a value onto the surface which is read by the data packet generator as an input to the random number generation algorithm. Pins from the data packet generator contact each of the dots to determine whether the dot is conductive or non-conductive (or whether a resistance is above or below a predetermined threshold). If a dot has a low resistance, for example, the dot encodes a “1” value and if the dot has a high resistance, the dot encodes a “0” value. Any number of dots may be used to encode any number of binary digits. The binary digits may be converted into base 10 or another base if desired to provide an input value to the random number generator. In some embodiments the value is known by a server and is associated with a desktop that is known to be in a particular location. When the passcode is received at the server, the server is able to calculate the value that was used to generate the passcode, because the server knows the random number algorithm and the time at which the passcode was generated. Once the value is known, the location of the data packet generator is also known by matching the value with the stored location associated with the value. In some embodiments, then, simply placing the data packet generator onto a surface having the encoded value allows the server to identify the location when the passcode is received. Alternatively, the data packet generator itself is programmed to identify its own location upon detection of the value from the surface. The value may also be encoded in other locations, such as on a label affixed to an object or surface, or in a material printed onto a surface. In some embodiments different ranges of resistances are used to represent a particular value. For example, three values are encoded into a particular dot by using a material having a low resistance to represent a first value, a moderate resistance to represent a second value, and a high resistance to represent a third value. Any number of values may be encoded in a single dot by defining different ranges of resistances for each value.
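The following sketch, added here as an illustration and not taken from the patent, walks the surface-encoded value through both sides: the generator decodes dot resistances into an input value and mixes it with the current time, and the server recovers the location by testing its known surface values against the received passcode; the same recomputation serves the time verification use described earlier. The HMAC-SHA256 construction, the per-device key, the resistance thresholds, the digit assignment for three-level dots, and all names and sample data are assumptions standing in for the unspecified "random number generation algorithm".

```python
import hashlib
import hmac
import struct

PERIOD_S = 60  # assumed: the passcode changes once per minute

# (upper bound in ohms, digit) per resistance band. Thresholds are assumptions;
# the text only distinguishes low / moderate / high resistance.
BINARY = ((10_000.0, 1), (float("inf"), 0))    # low -> "1", high -> "0"
TERNARY = ((1_000.0, 0), (100_000.0, 1), (float("inf"), 2))  # assumed digits


def decode_dots(resistances_ohm, bands=BINARY):
    """Turn per-dot resistance readings into one integer input value."""
    value = 0
    for r in resistances_ohm:
        if not r >= 0:  # rejects negative readings and NaN
            raise ValueError(f"implausible resistance reading: {r!r}")
        digit = next(d for upper, d in bands if r <= upper)
        value = value * len(bands) + digit
    return value


def passcode(device_key, surface_value, unix_time, digits=8):
    """Passcode for the period containing unix_time (HMAC stand-in)."""
    msg = struct.pack(">QQ", surface_value, unix_time // PERIOD_S)
    mac = hmac.new(device_key, msg, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)


def locate(device_key, code, received_at, surfaces, skew_periods=1):
    """Server side: find which known surface value produced `code`.

    Tries every registered value for the periods around the receive time.
    Returns (location, period_start), or None when nothing matches or the
    match is ambiguous.
    """
    hits = set()
    for step in range(-skew_periods, skew_periods + 1):
        t = received_at + step * PERIOD_S
        for value, location in surfaces.items():
            if hmac.compare_digest(passcode(device_key, value, t), code):
                hits.add((location, t // PERIOD_S * PERIOD_S))
    return hits.pop() if len(hits) == 1 else None


def verify_time(device_key, surface_value, code, claimed_time):
    """Time verification: was `code` valid in the period of claimed_time?"""
    expected = passcode(device_key, surface_value, claimed_time)
    return hmac.compare_digest(expected, code)


# Constructed sample data (not from the patent).
DEVICE_KEY = bytes(range(32))
DESK_DOTS_OHM = [200.0, 5e6, 350.0, 150.0, 8e6, 9e6, 400.0, 5e6]  # 10110010
SURFACES = {
    178: "desk A (constructed)",
    77: "desk B (constructed)",
    201: "desk C (constructed)",
}

if __name__ == "__main__":
    value = decode_dots(DESK_DOTS_OHM)
    code = passcode(DEVICE_KEY, value, 1_700_000_010)
    print(value, code, locate(DEVICE_KEY, code, 1_700_000_075, SURFACES))
```

In this sketch the surface value only selects a location; anyone who can read the dots can learn it, so the unpredictability of the passcode rests entirely on the assumed device key.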

In another possible embodiment, a value is encoded into a surface by dots that reflect different wavelengths of electromagnetic radiation. An ultraviolet (UV) camera is included in the data packet generator in some embodiments. The UV camera detects a color of light reflected from one or more of the dots when exposed to UV light. In this way the data packet generator need not be in physical contact with the surface or object. In some embodiments a material, such as a polymer, is used that degrades over a predetermined period of time to limit the usable lifetime of the material or perhaps to limit the readable period to within a particular window of time.

FIG. 19 is a bottom perspective view of another example data packet generator 1900 configured in a closed position. In some embodiments data packet generator 1900 is configured for connection to another object, such as desktop 204. In this example, desktop 204 includes a top surface 1902, a bottom surface 1904, and a front edge 1906.

In this example, data packet generator 1900 includes a housing having a first housing member 1910 and a second housing member 1912. First housing member houses a display 1920 that operates to display a passcode. First and second housing members are pivotally connected to each other at hinge 1922. When in the closed position, data packet generator 1900 is recessed from a lower surface 1934 of second housing member 1912 to protect the first housing member (and components contained therein) from inadvertent contact, such as from impact with a person's knee or leg, a vacuum cleaner, or any other object.

Second housing member 1912 includes a recessed region 1932 that is configured to receive the first housing member therein when in the closed position. Second housing member 1912 also includes a lower surface 1934 that protrudes beyond the recessed region and in some embodiments protrudes slightly beyond the lowermost surface of first housing member 1910. In some embodiments second housing member 1912 further includes tapered sidewalls 1936. Tapered sidewalls 1936 provide gradually sloping edges, rather than sharp corners, to prevent or reduce damage to a person, person's clothing, or another object that may come into contact with data packet generator 1900.

In some embodiments second housing member 1912 is an attachment device that allows data packet generator 1900 to be fastened to another object, such as bottom surface 1904 of desktop 204. Any suitable fastener can be used, such as a screw, nail, bolt, or adhesive. For example, screws are inserted into fastener holes 1938 to secure data packet generator 1900 to desktop 204. Data packet generator 1900 is preferably mounted slightly behind front edge 1906 to reduce inadvertent impact with a person or object, and in some embodiments to obscure or partially obscure the data packet generator 1900 from view under the desktop.

Recessed region 1932 typically includes a space between an end of first housing member 1910 (the end located opposite hinge 1922) and the adjacent edge of recessed region 1932. In some embodiments first housing member 1910 also includes a taper at that end (e.g., tapered end 1940 shown in FIG. 20) that further increases the space between first housing member 1910 and second housing member 1912. To remove first housing member 1910 from recessed region 1932, a user grasps first housing member 1910 (such as by inserting a finger into the space) and applies a force to first housing member 1910 away from second housing member 1912. The force causes the first housing member 1910 to pivot at hinge 1922 to advance first housing member to the open position illustrated in FIG. 20.

FIG. 20 is a top perspective view of the data packet generator 1900, shown in FIG. 19, arranged in an open position. Data packet generator 1900 is partially obscured in FIG. 19 by desktop 204, including a top surface 1902, bottom surface 1904, and front edge 1906. Data packet generator 1900 includes first housing member 1910 and second housing member 1912.

As discussed above, first housing member 1910 houses a display 1920 that operates to display a passcode. First and second housing members are pivotally connected to each other at hinge 1922. When in the open position first housing member 1910 extends out from second housing member 1912, and preferably extends beyond edge 1906 of desktop 204. In this way, a user in the vicinity of data packet generator 1900 can view a number displayed by display 1920, without the display being obscured by desktop 204.

Data packet generator 1900 is returned to the closed position shown in FIG. 19 by applying a force to first housing member 1910 toward second housing member 1912. The force causes first housing member 1910 to pivot about hinge 1922 until first housing member 1910 is arranged in recessed region 1932 (shown in FIG. 19).

FIGS. 21-22 illustrate an example of a tamper sensor 2100. In this example, tamper sensor 2100 operates to detect tampering with a fastener, such as a screw 2102. FIG. 21 is a schematic side view of the example tamper sensor 2100. FIG. 22 is a schematic plan and cross-sectional view of the example tamper sensor 2100. Tamper sensor 2100 includes screw 2102, first conductive element 2104, second conductive element 2106, sensor 2108, and electrical conductors 2110. Tamper sensor 2100 is built into a data packet generator (such as data packet generator 1900). A portion of the data packet generator housing 2120 is shown including a fastener 2102 (e.g., fastener hole 1938).

A fastener hole 2122 is formed in the portion of housing 2120. Conductive elements 2104 and 2106 are formed on either side of fastener hole 2122, such that edges of conductive elements 2104 and 2106 extend to fastener hole 2122. Conductive elements 2104 are spaced from each other across hole 2122. Typically conductive layers 2104 are arranged in a common plane and spaced horizontally from each other. However, in another possible embodiment, conductive elements 2104 and 2106 are vertically spaced from each other. In yet another possible embodiment, conductive elements 2104 and 2106 are both horizontally and vertically spaced from one another.

When an electrically conductive fastener is inserted into fastener hole 2122, first conductive element 2104 and second conductive element 2106 become electrically connected through the adjacent portion of screw 2102. Sensor 2108 is also electrically connected to conductive elements 2104 and 2106 and operates to detect whether the conductive elements 2104 and 2106 are electrically connected to each other or not. After installation of a data packet generator, such as to desktop 204 (or another object), sensor 2108 is able to detect if one or more screws 2102 are removed, such as by applying a small current through conductive elements 2104 and 2106. When screw 2102 is removed, the current flowing through conductive elements 2104 and 2106 stops flowing. The sensor 2108 communicates this information to the microprocessor (e.g., 304, shown in FIG. 3), which determines whether action is necessary in response to potential tampering.

In some embodiments, such action includes recording the status of the one or more screws in memory. For example, when a change in status is identified, the status is stored in memory (e.g., screw 2102 not installed) along with a time stamp of when the change occurred. In some embodiments, this status information is subsequently transmitted to a server or other computing device, such as in a data packet.

Although fastener 2102 is described as a screw that mounts the body of data packet generator to another object, such as desktop 204, other fasteners can also be used. For example, in some embodiments the housing of the data packet generator is formed of two shells. Sensor 2108 can be used to detect tampering with fasteners used to connect the shells together. Fasteners can also be used to secure a battery compartment. Any such fastener may be monitored with sensor 2108 to detect tampering.

Other embodiments include other mechanisms for detecting tampering with fasteners. In some embodiments sensor 2108 operates to detect a change in resistance between conductive elements 2104 and 2106. When screw 2102 is removed, the resistance increases. Other embodiments of sensor 2108 use an alternating current (AC) signal rather than a direct current (DC) signal. A high frequency signal is applied to first conductive element 2104 and the resulting signal is detected at conductive element 2106. A change in one or more of various electrical characteristics can be detected to alert sensor 2108 to potential tampering. In other embodiments sensor 2108 monitors for any changes in static electricity. Magnetic or electric fields are generated and monitored by sensor 2108 in other embodiments.

In some embodiments, the data packet generator (e.g., data packet generator 1900, shown in FIG. 19) operates to take one or more actions upon the detection of a potential tampering event. Some possible actions include: entering a hibernation mode to cease generating subsequent passcodes; erasing data stored in memory, such as the algorithm used for generating passcodes, algorithm seed data, identifying information, or any other data stored in memory; sending a communication to another data packet generator or computing device; a combination of these actions; or other actions. In some embodiments the event is recorded in memory, and subsequently communicated via a data packet.

Examples of potential tampering events include: movement of the device (such as measured by an accelerometer or other motion sensor) that exceeds a certain threshold of time, distance, or intensity; absence of one or more fasteners from the data packet generator; retraction of a fastener beyond a threshold (such as if the fastener is retracted beyond one or both of first and second conductive elements 2104 and 2106); a lack of communication between the data packet generator and another device (such as another data packet generator, an RFID reader, or a computing device) for more than a predetermined period of time; or other measurable or detectable events.
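As an added illustration (not code from the patent), the monitor below replays a constructed series of sensor readings and applies three of the tampering events listed above (fastener absence, sustained movement, and loss of communication), recording each with a time stamp, entering hibernation, erasing the seed in place, and exposing the log for the next data packet. The thresholds, field names, sample readings and the policy of treating every event the same way are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Reading:
    """One constructed sensor sample."""
    t: int             # seconds since installation
    fasteners: tuple   # True = screw bridges conductive elements 2104/2106
    accel_g: float     # motion sensor magnitude
    peer_heard: bool   # heard from another generator or reader this sample


@dataclass
class TamperMonitor:
    seed: bytearray                 # algorithm seed data held in memory
    motion_limit_g: float = 0.5     # assumed intensity threshold
    motion_hold_s: int = 3          # assumed duration threshold
    comm_timeout_s: int = 300       # assumed communication timeout
    hibernating: bool = False
    events: list = field(default_factory=list)

    def __post_init__(self):
        self._fasteners = None
        self._motion_since = None
        self._motion_reported = False
        self._last_peer = None
        self._comm_reported = False

    def _tamper(self, t, what):
        self.events.append((t, what))            # status plus time stamp
        self.hibernating = True                  # cease generating passcodes
        self.seed[:] = bytes(len(self.seed))     # erase seed data in place

    def feed(self, r):
        if self._fasteners is None:              # first sample is the baseline
            self._fasteners, self._last_peer = tuple(r.fasteners), r.t
        for i, (was, now) in enumerate(zip(self._fasteners, r.fasteners)):
            if was and not now:
                self._tamper(r.t, f"fastener {i} not installed")
            elif now and not was:
                self.events.append((r.t, f"fastener {i} installed"))
        self._fasteners = tuple(r.fasteners)

        if r.accel_g > self.motion_limit_g:
            if self._motion_since is None:
                self._motion_since = r.t
            if (not self._motion_reported
                    and r.t - self._motion_since >= self.motion_hold_s):
                self._motion_reported = True     # one report per episode
                self._tamper(r.t, "sustained movement")
        else:
            self._motion_since, self._motion_reported = None, False

        if r.peer_heard:
            self._last_peer, self._comm_reported = r.t, False
        elif (not self._comm_reported
                and r.t - self._last_peer > self.comm_timeout_s):
            self._comm_reported = True
            self._tamper(r.t, "no communication with peer")

    def drain_packet(self):
        """Status fields for the next data packet; clears the pending log."""
        pending, self.events = self.events, []
        return {"hibernating": self.hibernating, "tamper_log": pending}


# Constructed readings: screw 1 removed at t=120, device then moved, and no
# peer is heard afterwards.
SAMPLE_READINGS = [
    Reading(0, (True, True), 0.0, True),
    Reading(60, (True, True), 0.0, True),
    Reading(120, (True, False), 0.1, True),
    Reading(121, (True, False), 0.9, False),
    Reading(122, (True, False), 0.9, False),
    Reading(124, (True, False), 0.9, False),
    Reading(125, (True, False), 0.0, False),
    Reading(500, (True, False), 0.0, False),
]


def replay(readings):
    """Feed readings to a fresh monitor holding a constructed 16-byte seed."""
    monitor = TamperMonitor(seed=bytearray(b"\x5a" * 16))
    for r in readings:
        monitor.feed(r)
    return monitor
```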

FIG. 23 is a screen shot of an exemplary user interface displaying space utilization intensity map 2300. The intensity map 2300 provides a graphical representation of space utilization data gathered by a location identification system, which allows a user to quickly visualize how space is being used.

In some embodiments, intensity map 2300 includes floor plan display 2302 and legend 2304. Floor plan display 2302 illustrates the location of a plurality of workstations 2310 (including workstation 2312, workstation 2314, workstation 2316, and workstation 2318) at a particular location, such as on a first floor of a building.

A color is associated with each workstation 2310. Each color represents a different space utilization intensity level, as shown in legend 2304. Legend includes white background 2320, green background 2322, yellow background 2324, and red background 2326. White background 2320 is associated with a vacant workstation. Green background 2322 is associated with a low usage intensity. Yellow background 2324 is associated with a moderate usage intensity. Red background 2326 is associated with a high usage intensity. Any number of colors may be used in various embodiments, and any color can be associated with any usage intensity or range of usage intensities. Further, some embodiments use colors, text, patterns, textures, images, graphics, sounds, multimedia, or various other identifiers to indicate usage intensity or ranges of usage intensities.

Using data stored in the location authentication system database, intensity map 2300 is generated to visually depict the space utilization intensity of each workstation. In some embodiments, background colors are determined based on the percentage of normal business hours that a space is occupied. For example, a vacant space is a space that is used less than 5% of normal business hours. A low usage space is a space that is used from 5% up to 50% of normal business hours. A moderate usage space is a space that is used from 50% to 95% of normal business hours. A high usage space is a space that is used more than 95% of normal business hours. Other embodiments define space utilization intensities based on other percentages or on other periods of time.

In yet another embodiment, space utilization is defined by the number of people that utilize a space in a particular period of time, or at a particular time (e.g., whether a space is typically or currently occupied by one person, two people, three people, etc.). Further, some embodiments display usage statistics for larger spaces or groups of workspaces, such as entire floors, entire departments, entire buildings, or define other spaces other than single workspaces. Some embodiments display usage statistics for common spaces, such as conference rooms, hallways, reception areas, restrooms, or other common spaces. Further embodiments display usage statistics based on the percentage of the available space that is utilized, such as the percentage of space that is utilized for storage in a storage room, file room, closet, or computer room.

In this example, the background color of each workstation 2310 is displayed in a color representing the space utilization intensity. For example, workstation 2312 is displayed having a green background 2322, showing that workstation 2312 has a low usage intensity. Workstation 2314 is displayed having a white background 2320, showing that workstation 2314 has not been used during the observation period. Workstation 2316 is displayed having a yellow background 2324, showing that workstation 2316 has a moderate usage intensity. Workstation 2318 is displayed having a red background 2326, showing that workstation 2318 has a high usage intensity.

Usage data is gathered in some embodiments whenever a user logs into a computing device. For example, when a user logs into a computing device, the device prompts the user for a passcode. The user enters the passcode displayed on the data packet generator located in the workspace. The passcode is communicated to a server, which identifies the workspace and identifies the workspace as being in use.

In other embodiments, space usage data is compiled in other ways. For example, space utilization is tied to light usage in some embodiments. If the lights are on, the space is considered to be in use. Motion detectors are used in other embodiments. Yet other embodiments utilize other sensors. For example, a motion or weight sensor can be associated with a chair to detect when a user is sitting in the chair. The usage data is then communicated to a server using one or more communication devices. The usage data is then stored for subsequent use, such as to generate space utilization intensity map 2300.

As noted above, user privacy is an important consideration. It may be desirable to impose restrictions or limitations to data collection to protect user privacy. For example, in some embodiments, detecting when a user is sitting in a chair is limited to only short durations of time at infrequent intervals. Alternatively, though data collection may not be limited, the generation of reports can be limited to protect user privacy. However, it is noted that although some embodiments do collect space utilization data, some embodiments do not identify the user that is occupying the space. In these embodiments the data that is collected may only show that the space was used without providing any information to identify the particular user or users that were utilizing the space.

Space utilization intensity map 2300 is an example of a possible user interface display of a handheld inspection and maintenance device. Such an inspection and maintenance system is typically a portable device including a display, a data packet generator communication device, a network communication device, an input device (such as a touch screen or keypad), a processor and memory (e.g., a computing device). In some embodiments the handheld inspection and maintenance device displays a floor plan of a facility where the inspector is currently located. Location information is determined, for example, by receiving communications from nearby data packet generators that (e.g., through communication with the server) identify the location, or by receiving GPS signals with a GPS receiver, or both. In some embodiments the floor plan display automatically pans as the inspector moves throughout the building to continually display a current floor plan for the location that the inspector is in. For example, if the inspector moves one way, the floor plan scrolls to the left. If the inspector moves another way, the floor plan scrolls down. In some embodiments the inspection device also detects elevation or determines what floor the inspector is on, and automatically adjusts the display accordingly.

Other embodiments of the handheld inspection and maintenance device include other user interface displays. For example, a real-time CAFM display is provided in some embodiments. Other user interfaces or dashboard displays are included in other embodiments, such as those described herein. In some embodiments the handheld inspection and maintenance device is a smart phone, such as an iPhone. In some embodiments the smart phone includes a handheld inspection and maintenance device software application running thereon. In some embodiments the handheld inspection and maintenance device includes an electronic compass or global positioning system that provides information on orientation, position, location, or movement to the handheld inspection and maintenance device.

Other embodiments include other user interface displays to communicate information to a user. In some embodiments, such displays of information are referred to as dashboard displays. Examples of alternative dashboard displays include tables (including spreadsheets), charts, bar charts, gauge charts (e.g., having the appearance of a gas gauge or speedometer), pie charts, line charts, XY plots, or other dashboard displays useful for communicating data visually to a user.

Further examples of alternative dashboards or data displays are as follows: estimated greenhouse gas emissions per square foot/meter hour of utilization, utility cost per square foot/meter hour of utilization, location of important documents and/or assets, security guard locations on rounds, IT threat management by internal location, IT threat management by percentage of network requests that do not include an authenticated data packet, VoIP locations, average working distance between a defined group, chargeback rates based on actual utilization of space (among other factors), temperature by defined area, humidity by defined area, location of personal items with asset tags (possibly accessed with a user defined password), reconfiguration activity for space planners, estimated carpet usage based on utilization, building maintenance required/performed, status of the data packet generators (including information from data packet generators such as battery life), model of data packet generators, height of worksurfaces (obtainable with a sensor if the data packet generator is installed under a worksurface facing the floor), insurance claims compared to ergonomic height of worksurfaces (or other factors), reconfigure frequency between industries, groups, regions, etc., community area space utilization rates (via heat, sound or motion sensors typically), projections of non-network related occupancy (statistically based on manual studies of various worker types), find my friend/colleague app(s), historical bandwidth requirements per username (tied to real-time location), automated consulting, square foot/meter total cost per employee hour of utilization, any location based geospatial apps (Google Apps, iPhone apps, Blackberry apps), reservations fulfillment percentage, demographic information compared to utilization and/or patterns of use, find my computer, find all of the computers in my department before a move, emergency responder locations, disaster recovery reports indicating who was in a space just prior to a disaster, business continuity reports indicating nearby locations to report to work after a disaster, smoke detection view (smoke detection can be a part of a data packet), space heater view, high temperature view during emergencies, social view in hoteling environments (patterns of use), contractor view (where and how many people are using space even if usernames are not known), strategic level (executive level) dashboards that integrate space utilization information with dashboards relating to the availability of qualified labor around the globe such as for projections on occupancy, firmware updates received, devices set on an approved storage module, missing/disconnected data packet generators, (CAFM), proposed floor plan with real-time data feed (so that space planners can view the results of a floor plan prior to building it), performance chart (showing the general patterns of high performing people), cubicle pac man and other gaming functions, box move view (pre-move and post-move), tampered devices view, alternative roll-call (sending out a message between devices that propagates through mesh network), auto updates (such as high vacancy warnings via Twitter or text message), current mail drop location, update printer settings, firmware or software version being used, churn (industry term for employees moving from one assigned place to another), location of hot/cold calls, PoE active/inactive, log file view of what has happened to an individual device, date of last confirmed synchronization, Ethernet port locations, artwork view (can include a picture of the artwork if drilled down), total value of actions taken, qualification level of a given property (e.g., not every site is well suited to be optimized due to a variety of reasons such as parking, sublease market, etc., but this display provides a map-type of view of the worldwide sites with the qualification level indicated), virtual walls between departments by color code (for setting up internal Virtual Walls), virtual wall protected files, risk level associated with various actions (list powered by algorithms/statistics) (e.g., because things change daily, deciding to vacate a floor may have an 80% probability of being a profitable move and a 20% chance of costing more when all factors are considered), phone locations compared to login locations (list), energy cost per square foot/meter hour of occupancy, synergy view (links people in a group by distance or walking time), assigned locations vs. actual locations (e.g., including a simple mechanism to update actual location from the assigned location), assigned locations abandoned list (people who haven't shown up anywhere for x days, including a simple mechanism to delete their assignment at a location), a personal log of historical space utilization that includes goals set personally and/or by management, and an ultra compact hoteling view. As mentioned above, many of these data displays (and others described herein) can operate in more than one format. Real-time, compiled, and predictive views are typical for all such data displays. Performance goals can be associated with many of these (or other) data displays. Some data displays combine data between multiple data displays. Some data displays can also cause automated response(s) (such as building control responses or newspaper hiring ads that get automatically published in regions with workers who historically utilize less space). Various access levels to view these (and other) data displays are typically required. In some cases it is helpful to allow users to create their own themes for the data display, while preventing them from changing the contents of the display.

Some further examples of possible applications for one or more of the systems or methods disclosed herein are as follows. Some embodiments are used to identify a location of a person or device, or multiple people or devices. Accordingly, a wide variety of applications utilize these locating features. For example, applications include systems to identify a particular direction, provide directions, and display the current location on a map, chart, display, CAFM display, or other user interface. A nearest place of business is identified in some embodiments, such as a store, dentist, doctor, hospital, gas station, movie theater (such as a theater playing a particular movie), gym, taxi, Wi-Fi hotspot, restaurant, bar, or coffee shop. A location of a lost item is identified in some embodiments, such as a car, phone, person, tree stand, lost object or pet, etc. Some embodiments are position based games, such as a scavenger hunt or obstacle course. Some embodiments display coupons for use at your current location. Some embodiments are used for real estate, such as to display information about the property, make an offer or inquiry relating to a property, identify a needed repair or make a maintenance request. Some embodiments are used to track a position during a golf game (or distance to the pin), identify altitude or altitude changes, or distances traveled. Some embodiments include travel guides that provide information about a current location, such as historical information, places to stay, places to eat, entertainment options. Some embodiments provide a weather forecast based on a current location. Some embodiments are part of or interface with a graphical information system (GIS). In some embodiments, such data is stored in memory and/or included as content in a data packet. In other embodiments the data is displayed in a user interface, or used to generate a user interface display.

Some embodiments include a smartphone-off application. This application allows a user to select one or more locations or regions where a smartphone (or other device) should be turned off. When the smartphone-off application detects that it is in the location or region, the application turns off the smartphone, or causes the smartphone to enter a non-active state (e.g., a hibernation mode). In example embodiments, the location is at or around the user's home or office. In other embodiments, the volume and/or operation of the smartphone is adjusted based on the location, such as to mute the volume or to turn on/off a vibration feature. Other features are adjusted based on location in other embodiments.

Some embodiments of the systems and methods described herein utilize smart dust. For example, a data packet generator is incorporated into a smart dust device (i.e. mote). The motes are used for a variety of possible applications. For example, a large quantity of motes is released into a weather formation. Each mote is authenticated using the process described herein (such as method 1300) operating at high speeds. Accordingly, data about the location of each mote (or other data) is compiled and processed. Such data is used to view weather patterns, for example. In another example, motes are released into a fluid to monitor fluid flow, such as through a pipeline system.

FIG. 24 is a schematic block diagram of an example authentication system 2400. Authentication system 2400 includes server 2402, network 2404, data packet generator 2410, data packet generator 2412, computing device 2420, and computing device 2422. In this example, data packet generator 2410 and computing device 2420 are located within workstation 2406, and data packet generator 2412 and computing device 2422 are located within workstation 2408.

Server 2402 typically operates to authenticate a passcode generated by one of data packet generators 2410 or 2412 as being a valid and current passcode. Communication with server 2402 occurs across network 2404. Computing devices 2420 and 2422 are at least sometimes configured to communicate with network 2404.

In this example, data packet generator 2410 includes communication device 2440 and data packet generator 2412 includes communication device 2442. Communication devices 2440 and 2442 allow data packet generators 2410 and 2412 to communicate with each other as well as with a computing device. For example, data packet generator 2410 is able to communicate with data packet generator 2412 as shown by communication path 2430. Data packet generator 2410 is also able to communicate with computing device 2420 as shown by communication path 2432. In some embodiments only one communication path is used. In other embodiments, additional communication paths are used, such as to communicate with other objects, people, or devices.

Some embodiments of data packet generator 2410 are configured to communicate across network 2404, such as to communicate with server 2402.

Examples of communication devices 2440 and 2442 include radio frequency communication transmitters, receivers, or transceivers; infrared communication devices; or other wireless communication devices. In some embodiments communication devices 2440 and 2442 are wired communication devices, such as an Ethernet communication device.

In some embodiments, communication devices 2440 and 2442 have two or more communication modes, such as a short range communication mode and a longer range communication mode. The short range communication mode is typically used for communication between the data packet generator (e.g., data packet generator 2410) and a computing device (e.g., computing device 2420) that is located within the same workspace, such as illustrated by communication path 2432.

When the communication device 2440 is operating in the short range communication mode, communication is limited to a short range. In some embodiments the short range is about the distance across the workspace in which the data packet generator is located, such as workstation 2406 for data packet generator 2410. In some embodiments the short range is from about 2 feet to about 10 feet, and preferably from about 2 feet to about 6 feet. In other embodiments, the short range is less than about 100 feet. Other embodiments include other ranges.

The short range communication mode prevents communication from occurring across a distance greater than the short range. As a result, when a computing device (or other device) is able to communicate with the communication device 2440 while it is operating in the short range communication mode, the location of the computing device is known to be within the short range of the associated data packet generator. If the location of the data packet generator is also known, then the location of the computing device is also known.

In some embodiments, the data packet generator 2410 communicates a passcode (or other data) using the short range communication mode. The short range of the short range communication mode prevents the passcode from being received by a computing device that is outside of the short range of the communication device 2440, but allows the passcode to be received by a computing device that is within the short range of the communication device 2440.

In some embodiments computing device 2420 is programmed to automatically detect a communication from data packet generator 2410 across communication path 2432. Once detected, the passcode (or other data) is received from the communication and may be used for an automated login with the server. For example, when a user starts a computer, the user can enter a username and password (if desired by the administrator). Before proceeding with the login, however, the computing device waits to receive a passcode from a nearby computing device. If the passcode is received, the computing device proceeds to use the username, password, and passcode to gain access to the system (or just the passcode in some embodiments). If a passcode is not received within a predetermined period of time, the user is prompted to manually enter a passcode.

An alternate embodiment does not require a user name or password. Rather, software runs in the background on the computing device. The software periodically receives a passcode (or other data) from a data packet generator and provides that passcode to a server without requiring user intervention. Further, in some embodiments the software does not act to control access to protected resources.

Some computing devices use identifiers other than usernames and passwords to confirm the identity of a user. For example, a biometric identification system is used to identify a user according to one or more biometric identifiers. Examples of biometric identifiers include fingerprint scanners, eye scanners (e.g., iris scanners), face identifiers, voice identifiers, etc. Ultimately each organization will typically determine the identification method or methods that are best for that organization.

In some embodiments the username is obtained automatically for use as disclosed herein, such as by utilizing a software application running on the computing device to read the user name from the operating system (such as from the operating system registry file).

When the communication device 2440 is operating in the longer range communication mode, communication is possible across a longer distance than is possible in the short range communication mode. In some embodiments the longer distance is in a range from about 10 feet to about 30 feet, and preferably from about 15 feet to about 25 feet. In other embodiments, the longer range is greater than about 100 feet. Other embodiments include other ranges.

In some embodiments, a data packet generator utilizes the longer range communication mode of the communication device 2440 to communicate with neighboring data packet generators, such as across communication path 2430. A neighboring data packet generator is a data packet generator that is within the longer range of another data packet generator, when the data packet generator is communicating in the longer range communication mode. For example, when data packet generator 2410 is operating the communication device 2440 in the long range communication mode, data packet generator 2410 is able to communicate with neighboring data packet generators, such as data packet generator 2412, if the data packet generator 2412 is a distance away that is less than the longer range of communication device 2440. This can include, for example, any data packet generators located within one or more neighboring workspaces, such as workstation 2408.

In some embodiments, communication device 2440 is used to communicate a passcode (or other data in a data packet) to a computing device or to another data packet generator without requiring a user to manually read the passcode (or other data) from the display of the data packet generator and manually enter the passcode into a keypad. As a result, such communication of the passcode (or other data) is sometimes referred to herein as automated communication. Further, in some embodiments additional information is also communicated along with the passcode. In some embodiments, such information is transmitted as, or as part of, a data packet.

One example use of the longer distance communication mode is to communicate passcodes among neighboring data packet generators. For example, in some embodiments each data packet generator is programmed to broadcast a data packet to neighboring data packet generators periodically, such as once per day. The data packet includes various information, such as a serial number of the data packet generator or a passcode generated by the data packet generator (or other data described herein). The neighboring data packet generators receive the data packet that is broadcast and store some or all of the data in memory. For example, in some embodiments the serial numbers and/or passcodes of each of the neighboring data packet generators are stored in memory. Later, when the data packet generator transmits a data packet to a computing device (or the server), the data packet generator also retrieves from memory the data from the neighboring data packet generators and transmits such data as well. If sent to the computing device, the computing device then transmits the data to the server (e.g., server 2402). The server then stores the data packet information in memory for subsequent or immediate use.

For example, in some embodiments the server utilizes neighboring passcode information to confirm the location of the data packet generator, by verifying that the neighboring passcodes were in fact generated by the known neighbors of the data packet generator. If a data packet generator is unable to supply the serial numbers or passcodes from neighboring devices, the server determines that either the data packet generator has moved (or malfunctioned) or that one or more of the neighboring data packet generators have moved (or malfunctioned). By similarly receiving such data from all other data packet generators, the locations of all (or at least some) of the data packet generators in a facility are verified or are flagged as requiring review, investigation, or other action. The interconnected network of data packet generators is sometimes referred to herein as a mesh network. The mesh network permits data packet generators to be moved (e.g., semi-transient), while the server maintains an accurate identification of the location (or approximate location) of the moved data packet generator. For example, if a reconfiguration of office space occurs, the movement of the data packet generators is reported to the server to inform space planners of the reconfiguration and present locations of the data packet generators. In some embodiments information is communicated to the space planners in an automated communication, such as via an e-mail or text message. In other embodiments a message is displayed on a user interface of a computing device.
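The server-side neighbor check described above can be sketched as follows. This is an added example, not code from the patent: the serial numbers, seeds, the HMAC-based passcode algorithm, and the one-day freshness limit are all assumptions chosen for illustration.

```python
import hashlib
import hmac

# Constructed fleet data (placeholder serials and seeds, not from the patent).
SEEDS = {"DPG-A": b"seed-a", "DPG-B": b"seed-b", "DPG-C": b"seed-c", "DPG-Z": b"seed-z"}

# Server's record of which generators should be within longer-range reach of each other.
KNOWN_NEIGHBORS = {
    "DPG-A": {"DPG-B", "DPG-C"},
    "DPG-B": {"DPG-A", "DPG-C"},
    "DPG-C": {"DPG-A", "DPG-B"},
    "DPG-Z": set(),  # installed on a different floor
}

# Assumption: passcodes change once per minute and neighbors broadcast once per day,
# so a stored neighbor passcode older than one day of windows is treated as stale.
MAX_NEIGHBOR_AGE = 24 * 60


def passcode_for(serial: str, window: int, digits: int = 7) -> str:
    """Assumed passcode algorithm: truncated HMAC of the time window under the device seed."""
    mac = hmac.new(SEEDS[serial], str(window).encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10 ** digits).zfill(digits)


def _valid(serial: str, passcode: str, window: int) -> bool:
    """True if the passcode is the one this serial would have produced in this window."""
    if serial not in SEEDS:
        return False
    return hmac.compare_digest(passcode_for(serial, window).encode(), passcode.encode())


def check_neighbor_report(serial, passcode, window, heard):
    """Validate a data packet and the neighbor data it carries.

    heard: list of (neighbor_serial, neighbor_passcode, broadcast_window) tuples
    that the reporting generator stored from its neighbors' broadcasts.
    """
    result = {"status": "rejected", "missing": [], "unexpected": [], "invalid": []}
    if not _valid(serial, passcode, window):
        return result  # the reporter's own passcode is not valid and current

    proven = set()
    for n_serial, n_passcode, n_window in heard:
        fresh = 0 <= window - n_window <= MAX_NEIGHBOR_AGE
        if n_serial != serial and fresh and _valid(n_serial, n_passcode, n_window):
            proven.add(n_serial)  # this neighbor really was in range recently
        else:
            result["invalid"].append(n_serial)  # forged, stale, or unknown entry

    expected = KNOWN_NEIGHBORS.get(serial, set())
    result["missing"] = sorted(expected - proven)      # known neighbors not heard
    result["unexpected"] = sorted(proven - expected)   # heard, but not a known neighbor
    clean = not (result["missing"] or result["unexpected"] or result["invalid"])
    # A single report cannot tell whether the reporter or its neighbors moved,
    # so anything unclean is flagged for review rather than attributed.
    result["status"] = "verified" if clean else "review"
    return result
```

A "review" result from one generator only narrows the problem down; comparing the reports of all generators on the floor, as the paragraph above describes, is what separates a moved reporter from a moved neighbor.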

In some embodiments communication 2430 is used by a data packet generator 2410 to determine the distance that the data packet generator 2410 is away from a neighboring data packet generator 2412. One exemplary method of determining the distance between data packet generators is to measure a signal intensity of communication 2430 received from data packet generator 2412. The attenuation of the signal from a known original intensity can be used to approximate the distance. In another embodiment, data packet generator 2410 determines a change in signal intensity among multiple communications 2430. A drop in signal intensity of a communication 2430 from the intensity of a previously received communication indicates that the data packet generator 2412 may have been moved away from data packet generator 2410. Another method of determining the distance between data packet generators is to measure the time the signal takes to propagate to a nearby data packet generator and to receive the response from the data packet generator. Another embodiment uses triangulation between multiple data packet generators to determine distances and/or specific locations of neighboring data packet generators.

In some embodiments a periodic location check is performed. The periodic location check occurs periodically, such as once per minute, hour, day, or month. The location check is initiated, in some embodiments, by a single data packet generator that emits a first location check message. The location check message is received by neighboring data packet generators that in turn emit a subsequent location check message. This is an example of viral communication. The message continues to propagate through the entire area until all data packet generators that are within range of another data packet generator have issued a location check message. The location check messages are also received by neighboring data packet generators. The neighboring data packet generators use the location check messages to estimate the distances between themselves and the neighboring data packet generators. The distance information is then stored in memory, such as for subsequent communication back to the server (such as using a passcode alert message described below). In another possible embodiment, instead of a location check, a presence check is performed that verifies the presence of a data packet generator, rather than the location of the data packet generator.

Viral communication is used in some embodiments to communicate additional information or data among data packet generators. For example, firmware updates are transmitted through the data packet generators using viral communication in some embodiments, where the firmware update is distributed to one or more selected data packet generators, which in turn send the firmware update to the neighboring data packet generators until all interconnected data packet generators have received the update. Security measures are put into place in the preferred embodiments to ensure that an actual virus or other malicious firmware or software cannot propagate in this manner.

In another possible embodiment, the presence check is performed at a predetermined time, where all data packet generators are configured to wake up during that time to perform the presence check. In some embodiments the data packet generators remain active for a period of time, such as about ten minutes, to allow all of the presence checks to be performed, before returning to a normal mode of operation. In some embodiments the operation of the data packet generator during this period is referred to as a presence check mode of operation.

FIG. 25 is a state diagram illustrating an example method 2500 of operating a data packet generator. Method 2500 includes normal mode 2502, alert mode 2504, and disable 2506.

Method 2500 begins in normal mode 2502. In normal mode, the data packet generator generates and outputs a current passcode or data packet periodically, such as once per minute. In some embodiments the current passcode is displayed by a display of the data packet generator. In other embodiments the current passcode (or other data) is transmitted in a data packet using a communication device. Other embodiments do both. Normal mode 2502 continues until a qualifying event is detected.

An example of a qualifying event is the detection of potential tampering, such as by a tamper sensor. Another example of a qualifying event is the receipt of an alert message from a neighboring data packet generator. Other examples of qualifying events are described herein. Other qualifying events can include any event that is measurable, detectable, or determinable by a data packet generator. Examples of data that can be included in the data packet are described herein, such as in table 2 below.

Upon the detection of a qualifying event, method 2500 begins to operate the data packet generator in alert mode 2504. While operating in alert mode, the data packet generator continues to generate a current data packet periodically. However, the data packet generator now adds additional information to the data packet in an effort to communicate information regarding the qualifying event that has been detected. An example of the alert mode 2504 is described in more detail herein with reference to FIGS. 26-30.

In some embodiments, the alert mode 2504 adds to the data packet information about the event that has occurred. Other embodiments take additional action.

After operating in the alert mode 2504, method 2500 either returns to normal mode 2502 upon termination of the qualifying event, or operates to disable the data packet generator (disable 2506) if one or more criteria for disable are met.

In some embodiments, some qualifying events terminate after a passage of time. Other qualifying events terminate once the qualifying event has been rectified, such as if a missing screw is replaced. Other qualifying events terminate upon receipt of a wireless or wired communication from an administrator, security personnel, or server informing the data packet generator that the event should be terminated. In some embodiments some qualifying events terminate when the data packet generator is placed into a known “safe zone,” such as by returning the data packet generator to a docking station or particular storage room. In some embodiments the location of the data packet generator can be determined by the data packet generator by receiving a known passcode (or other data, such as a serial number or other data packet generator identifier) from another data packet generator that is known to be in a particular location, such as the storage room. In some embodiments, after an alert is sent, neighboring data packet generators respond to the alert to inform the alerting data packet generator that the alert has been received. The receipt of this message from one or more neighboring data packet generators terminates the qualifying event in some embodiments. Other embodiments terminate qualifying events in other manners.

Alternatively, in some embodiments, method 2500 proceeds to disable the data packet generator after operating in the alert mode 2504 if one or more criteria for disable are met. An example of a criterion for disable is the passage of a period of time following a qualifying event. Another example of a criterion for disable is the inability to communicate with previously neighboring data packet generators for a period of time. Another example of a criterion for disable is tampering that exceeds a predetermined threshold (e.g., a screw is removed, two or more screws are removed, if screws are removed in a certain order, if screws are not removed in a certain order, if screws are removed within a certain time period, if screws are not removed in a certain time frame, if a detected impact exceeds a predetermined impact threshold, if a temperature advances out of a safe operating range, etc.).

In some embodiments, disable 2506 operates to put the data packet generator into a hibernation mode, such that the data packet generator ceases generating and outputting passcodes. In another embodiment, disable 2506 operates to cause the data packet generator to clear data stored in memory, such as a passcode generation algorithm, passcode seed information, software, data regarding neighboring passcodes, or any other data stored in memory. In another possible embodiment, disable 2506 causes the data packet generator to begin generating a different set of passcodes that appear to be valid passcodes but are valid or invalid passcodes that the server knows to be related to a disable event.

In some embodiments, an administrator or other authorized user can reset a data packet generator to return the data packet generator to normal mode 2502 following alert mode 2504 or disable 2506. In some embodiments resetting the data packet generator involves restoring data previously erased from memory, such as by transmitting the data to the data packet generator. Alternatively, new data can be transmitted to the data packet generator, which stores the data in memory.

FIG. 26 is a state diagram illustrating an example of alert mode 2504 of method 2500 previously described with reference to FIG. 25. Alert mode 2504 includes manual alert 2602 and automatic alert 2604. In some embodiments alert mode 2504 operates to perform both manual alert 2602 and automatic alert 2604 simultaneously. In other embodiments, manual alert 2602 is performed continuously, while automatic alert 2604 is performed only periodically. In yet further embodiments, only one of manual alert 2602 or automatic alert 2604 is performed.

Manual alert 2602 operates to display a manual alert passcode using a display (e.g., display 1920, shown in FIG. 20). The manual alert passcode includes the current passcode and also includes one or more alert codes. An example of manual alert 2602 is illustrated and described in more detail with reference to FIGS. 27 and 28. The manual alert passcode is manually viewed by a user and entered into a computing device. The computing device then communicates the manual alert passcode to a server, which validates the current passcode and extracts the alert code. In some embodiments the server performs a subsequent action based on the alert code received.

Automatic alert 2604 operates to transmit an alert message, such as using a wired or wireless communication device. In some embodiments, the alert message (which, in some embodiments, is part of the data packet) includes the current passcode and also includes alert data that contains information about the qualifying event that has been detected. Other data is also included in some embodiments, such as described herein. An example of automatic alert 2604 is illustrated and described in more detail with reference to FIGS. 29 and 30.

In some embodiments, the automatic alert message is communicated to a computing device, which in turn communicates the automatic alert message to a server, which validates the current passcode and extracts the alert message. In other embodiments, the automatic alert message is communicated to another data packet generator, which itself communicates the alert message either to a computing device or to another data packet generator. Once the alert message has been received by a computing device, the computing device communicates the alert message to a server. In some embodiments the server performs a subsequent action based on the alert message received. In some embodiments, the data packet generator sends the alert message directly to the server across a communication network.

In some embodiments the alert message is a data packet that includes at least one piece of data relating to the alert. Examples of data that can be included in the data packet are described herein. In some embodiments the alert message is the same as a data packet communicated at non-alert times, except that specific alert data is included in the data packet.

FIG. 27 is a flow chart of an example method 2602 of operating a data packet generator in a manual alert mode. Method 2602 includes operations 2702, 2704, 2706, and 2708.

Method 2602 typically begins with operation 2702 to determine a current passcode. A current passcode is determined, for example, by retrieving the passcode from a lookup table, or by generating the passcode using a predetermined algorithm.

In some embodiments, the data packet generator is configured to selectively determine current passcodes based on two or more processes. For example, the data packet generator initially generates passcodes according to a first algorithm, but upon the receipt of a message from the server (or occurrence of another event), the data packet generator switches to a secondary process for generating passcodes, such as a second algorithm or based on a lookup table stored in memory.

After a current passcode has been determined, operation 2704 is performed to determine an alert code. The alert code is typically associated with the qualifying event that was detected. In some embodiments the alert code identifies the qualifying event. In other embodiments, the alert code provides at least some information regarding the qualifying event. In yet other embodiments the alert code means that a qualifying event has occurred without providing additional information.

Operation 2706 is then performed to determine an alert code digit. The alert code digit is a number (or set of numbers) that identifies the location within the manual alert passcode where the alert code is inserted.

In some embodiments, a variable alert code digit acts to prevent a user from intentionally omitting the alert code when manually entering the passcode into a computing device. When the position of the alert code is variable, the user doesn't know which digit of the manual alert passcode is the alert code. As a result, the entire manual alert passcode must be entered.

In other possible embodiments, operations 2702, 2704, and 2706 are performed in a different order. For example, method 2602 begins with operations 2704 or 2706 in other embodiments.

Once the current passcode, alert code, and alert code digit have been determined, operation 2708 is then performed to generate and display the current manual alert passcode. The current manual alert passcode includes the current passcode, as well as the alert code inserted into the passcode at the alert code digit to form a combined code having a length equal to the sum of the current passcode and the alert code.

FIG. 28 provides an example of method 2602 shown in FIG. 27. During operation 2702 a current passcode is generated. In this example, the current passcode is “6179847”, which includes seven total digits. (Other embodiments include passcodes having a different number of digits.) In this example, each digit is numbered sequentially from 1 to 7, starting with the first digit (6) and ending with the seventh digit (7). The passcode is generated, for example, using a predetermined algorithm that is also known by a server.

During operation 2704, an alert code is generated. In this example, the alert code is a number from 0 to 9, having a single digit, but other embodiments include other characters or symbols and include one or more digits. Specifically, in this example the alert code is “0”. In some embodiments each alert code is associated with a particular qualifying event. Table 1 provides an example set of alert codes and associated qualifying events.

TABLE 1
TABLE OF ALERT CODES AND ASSOCIATED QUALIFYING EVENTS

ALERT CODE | DESCRIPTION OF QUALIFYING EVENT
0 | A security guard or furniture installer has been in this area
1 | A nearby data packet generator has sensed motion exceeding 3 seconds in duration
2 | A nearby data packet generator has had all four screws removed from it
3 | A nearby data packet generator has had all four screws removed from it and experienced motion exceeding 3 seconds in length
4 | This data packet generator has experienced motion exceeding 3 seconds in duration and will emit a signal once every 24 hours for the next 72 hours requesting a reentry response from new or existing neighboring devices. If no response is received within 72 hours, memory will be erased
5 | A data packet generator has reentered near this data packet generator
6 | This data packet generator has reentered and been found by nearby data packet generators within the 72 hour time period
7 | This data packet generator has been placed in a secure area and recognizes the verifying signal that is sent from the docking station or storage room
8 | This data packet generator has just emitted a previously scheduled floor scan signal that will spread like a virus to every device currently on the floor
9 | This device just received a floor scan signal and is “present” on the floor

In other possible embodiments the alert codes change according to a predetermined algorithm. This prevents a user from looking for a particular alert code in the current manual alert passcode, and then omitting that alert code from the passcode. The algorithm for changing the alert codes is typically also known by the server.

During operation 2706 an alert code digit is determined. The alert code digit is typically a number indicating the digit in the manual alert passcode where the alert code should be inserted. The alert code digit is typically a number between 1 and the sum of the number of digits in the current passcode and the number of digits in the alert code. In this example the passcode includes seven digits and the alert code includes one digit, such that the alert code digit is a number between 1 and 8.

In some embodiments the alert code digit is fixed. For example, in some embodiments the alert code digit is always the number of digits in the passcode plus one. In this way the alert code is appended to the end of the passcode. Other embodiments use a predetermined algorithm to determine the alert code digit. Preferably the algorithm is also known by a server. In this example the alert code digit is computed to be “3”.

The alert code is then inserted into the current passcode at the alert code digit. For example, the alert code “0” is inserted at the third digit of the current passcode, resulting in a manual alert passcode of “61079847”.
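The FIG. 28 exchange can be followed end to end in the added example below (not code from the patent): the generator side builds the manual alert passcode and the server side validates the passcode and extracts the alert code. The function names, the shared secret, and the HMAC-based derive_alert_digit are assumptions; the text above only states that the position comes from a predetermined algorithm also known by the server.

```python
import hashlib
import hmac

# Constructed secret shared by generator and server (placeholder value).
SHARED_SECRET = b"constructed-demo-secret"


def _is_digits(s: str) -> bool:
    return s.isascii() and s.isdigit()


def derive_alert_digit(secret: bytes, window: int, passcode_len: int) -> int:
    """Assumed position algorithm for a one-digit alert code.

    Returns a 1-based position between 1 and passcode_len + 1 that changes with
    the time window, so the user cannot tell which digit carries the alert.
    """
    mac = hmac.new(secret, b"alert-digit|%d" % window, hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") % (passcode_len + 1) + 1


def build_manual_alert_passcode(passcode: str, alert_code: str, alert_digit: int) -> str:
    """Generator side (operation 2708): insert the alert code at the alert code digit."""
    if not (_is_digits(passcode) and _is_digits(alert_code) and len(alert_code) == 1):
        raise ValueError("passcode must be digits and alert code a single digit")
    if not 1 <= alert_digit <= len(passcode) + 1:
        raise ValueError("alert code digit out of range")
    i = alert_digit - 1  # convert the 1-based digit number to a string index
    return passcode[:i] + alert_code + passcode[i:]


def parse_manual_alert_passcode(entered: str, expected_passcode: str, alert_digit: int):
    """Server side: return the alert code if the entry is valid, otherwise None.

    The server already knows the expected passcode and the alert code digit, so
    it removes the digit at that position and compares the remainder.
    """
    if not _is_digits(entered) or len(entered) != len(expected_passcode) + 1:
        return None  # wrong length, e.g. a user tried to leave a digit out
    i = alert_digit - 1
    alert_code = entered[i]
    remainder = entered[:i] + entered[i + 1:]
    # Constant-time comparison avoids leaking how many digits matched.
    if not hmac.compare_digest(remainder.encode(), expected_passcode.encode()):
        return None
    return alert_code


if __name__ == "__main__":
    # Values from the FIG. 28 example: passcode 6179847, alert code 0, alert code digit 3.
    shown = build_manual_alert_passcode("6179847", "0", 3)
    print(shown, parse_manual_alert_passcode(shown, "6179847", 3))
    # Variable position: both ends derive the same digit for a given time window.
    digit = derive_alert_digit(SHARED_SECRET, window=27_000_000, passcode_len=7)
    print(build_manual_alert_passcode("6179847", "4", digit))
```

Because the server removes the digit at a position only it and the generator can compute, an entry with a digit dropped or with the alert code moved fails validation instead of being accepted as a plain passcode.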

Although not required in all embodiments, it is preferable that the current passcode and the manual alert passcode be kept relatively short. The reason for this is that in the manual alert mode the manual alert passcode must be viewed by a user and manually typed into a computer. A relatively short passcode makes it easier for a user to enter the passcode and reduces the chance of the passcode being entered incorrectly. It is preferred that the passcode be in a range from about 5 characters to about 15 characters, and preferably from about 7 characters to about 8 characters. It is also preferable that the manual alert passcode also be kept to about these ranges. Although a longer passcode can be used in some embodiments, a long passcode such as having 30 digits will typically be more difficult and cumbersome for a user to enter manually. Alternatively, a longer passcode may be formed of two or more sequential passcodes having a relatively short length.

Since it is desirable to limit the length of the manual alert passcode, the amount of information that may be conveyed by the alert code is also limited. An example of the information that can be conveyed by the alert code is provided in table 1 herein.

There are multiple reasons for including a manual mode of operation in a data packet generator. First, some computers may not be configured to receive automatic alerts (such as if they do not include a wireless communication device). Second, in the event that a communication device on either the data packet generator or the computing device malfunctions, the manual mode is available as a backup method. This, for example, ensures that no user is prevented from accessing system resources due to a malfunctioning communication device. Third, the manual mode can be used as a higher security mode, such as by disabling wireless communication of passcodes, to prevent unauthorized or inappropriate receipt of passcodes. A particular user may not have access to a computing device, but still need to access a passcode. For example, a box mover, first responder, or other transient user can utilize the manual mode to obtain a passcode.

FIG. 29 is a flow chart of an example method 2604 of operating a data packet generator in an automatic alert mode. Method 2604 includes operations 2902, 2904, 2906, and 2908.

Method 2604 typically begins with operation 2902 to determine a current passcode. The current passcode is typically determined according to a predetermined algorithm, or is retrieved from a lookup table.

Operation 2904 is then performed to determine alert data. Alert data is typically data associated with the qualifying event that caused the data packet generator to enter the alert mode. A wide variety of data can be provided. A few examples are described with reference to FIG. 30. In some embodiments operation 2904 is performed before operation 2902.

Operation 2906 is then performed to generate and send an alert message including the current passcode and the alert data. In some embodiments the alert message is sent to a computing device, which relays the information to a server. In other embodiments the alert message is sent to a neighboring data packet generator, which then sends the message to a computing device that in turn relays the message to a server.

FIG. 30 provides an example of method 2604 shown in FIG. 29.

During operation 2902 a current passcode is generated. Methods of generating a current passcode are described herein. For example, a predetermined algorithm is used in some embodiments to generate the current passcode. In this example, the current passcode is “6179847”.

During operation 2904 alert data is gathered. Alert data typically includes data associated with a qualifying event. In addition, any other detectable, measurable, or determinable information may also be provided. Examples of alert data include an alert code (see table 1 herein), a description or code identifying the triggering event, a time stamp that the triggering event occurred, an identification of one or more passcodes from neighboring data packet generators, a description of a qualifying event that has occurred on a neighboring data packet generator, an identification of a distance that the data packet generator is away from a neighboring data packet generator (such as determined by measuring the signal intensity of a communication received from a neighboring data packet generator), subsequent triggers or qualifying events that were detected, an identification of any actions that have been taken, or other information.

In other possible embodiments, data collected during the alert mode is inserted into a data packet, such as one or more of the example data packets described herein, such as shown in table 2. In some embodiments such data is gathered even when the data packet generator is not operating in an alert mode.

In some embodiments, alert data is compiled into a series of numbers that encode data therein. As discussed below, the alert data can be added to the passcode to form an alert message. In some embodiments, then, the alert message is essentially a longer passcode including a first series of numbers identifying the current passcode and a second series of numbers encoding the alert data. As a result, the alert message can form a passcode having a long length, such as in a range from about 10 digits to about 1 million digits, or more. For example, an image captured by a digital camera of the data packet generator can be encoded as part of the alert message in some embodiments. Some embodiments encode data in a binary form.

Once the current passcode and the alert data have been compiled, operation 2906 is performed to generate and send an alert message. The alert message includes the current passcode and the alert data. In some embodiments the message includes a header at the beginning of the message, such as the headers described herein. The header identifies, for example, the number of bytes contained by the following message or an identification of the content of the message.
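One way the alert message of operations 2902 to 2906 could be framed and strictly parsed, as an added example that is not taken from the patent. The header layout (a content-id byte plus a two-byte length), the 7-digit passcode width, the alert-data field widths, and the sample alert code, time stamp and neighbor passcode are all assumptions made for illustration.

```python
import hmac
import struct

# Assumed wire layout (the source text does not fix one):
#   header: 1 byte content id, 2 bytes big-endian length of the body
#   body  : 7 ASCII digits of current passcode, then the alert data digits
CONTENT_ALERT = 0x01
PASSCODE_LEN = 7
HEADER = struct.Struct(">BH")
ALERT_FIXED_LEN = 2 + 10 + 1  # alert code, time stamp, neighbor count


class AlertFormatError(ValueError):
    """Raised when a message does not match the assumed layout."""


def _require_digits(value, length, what):
    if len(value) != length or not (value.isascii() and value.isdigit()):
        raise AlertFormatError(f"{what} must be exactly {length} ASCII digits")


def encode_alert_data(alert_code, timestamp, neighbor_passcodes):
    """Compile alert data into a series of digits (second part of the message)."""
    if not 0 <= alert_code <= 99:
        raise AlertFormatError("alert code must fit in two digits")
    if not 0 <= timestamp <= 9_999_999_999:
        raise AlertFormatError("time stamp must fit in ten digits")
    if len(neighbor_passcodes) > 9:
        raise AlertFormatError("at most nine neighbor passcodes")
    for code in neighbor_passcodes:
        _require_digits(code, PASSCODE_LEN, "neighbor passcode")
    count = len(neighbor_passcodes)
    return f"{alert_code:02d}{timestamp:010d}{count}" + "".join(neighbor_passcodes)


def build_alert_message(passcode, alert_digits):
    """Header, then current passcode digits, then alert data digits."""
    _require_digits(passcode, PASSCODE_LEN, "passcode")
    if not (alert_digits.isascii() and alert_digits.isdigit()):
        raise AlertFormatError("alert data must be ASCII digits")
    body = (passcode + alert_digits).encode("ascii")
    if len(body) > 0xFFFF:
        raise AlertFormatError("body too long for the two-byte length field")
    return HEADER.pack(CONTENT_ALERT, len(body)) + body


def parse_alert_message(raw):
    """Validate the framing before any field is trusted, then split the fields."""
    if len(raw) < HEADER.size:
        raise AlertFormatError("truncated header")
    content_id, body_len = HEADER.unpack_from(raw)
    if content_id != CONTENT_ALERT:
        raise AlertFormatError("unexpected content id")
    body = raw[HEADER.size:]
    if len(body) != body_len:
        raise AlertFormatError("header length does not match body")
    try:
        text = body.decode("ascii")
    except UnicodeDecodeError as exc:
        raise AlertFormatError("body is not ASCII") from exc
    if not text.isdigit() or len(text) < PASSCODE_LEN + ALERT_FIXED_LEN:
        raise AlertFormatError("body must be digits and hold all fixed fields")
    passcode, alert = text[:PASSCODE_LEN], text[PASSCODE_LEN:]
    count = int(alert[12])
    rest = alert[ALERT_FIXED_LEN:]
    if len(rest) != count * PASSCODE_LEN:
        raise AlertFormatError("neighbor count does not match remaining digits")
    return {
        "passcode": passcode,
        "alert_code": int(alert[:2]),
        "timestamp": int(alert[2:12]),
        "neighbors": [rest[i:i + PASSCODE_LEN] for i in range(0, len(rest), PASSCODE_LEN)],
    }


def passcode_matches(parsed, expected_passcode):
    """Constant-time comparison of the received passcode with the expected one."""
    return hmac.compare_digest(parsed["passcode"].encode(), expected_passcode.encode())


if __name__ == "__main__":
    # "6179847" is the page's example passcode; the other values are constructed.
    message = build_alert_message("6179847", encode_alert_data(3, 1250000000, ["2658971"]))
    print(message, parse_alert_message(message))
```

The parser rejects a message whose declared length, digit set or neighbor count disagrees with the bytes actually received, so a truncated or padded relay is refused before the passcode is compared.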

FIG. 31 is a schematic block diagram of an example authentication system 3100 that controls access to a protected resource. In this example the protected resource is a conference room 3106. System 3100 includes server 3102, network 3104, data packet generator 3110, telephone 3112, computing device 3120, conference room control system 3122, and room resources, such as lights 3124, and room scheduler 3126.

An exemplary method of using authentication system 3100 begins with a user scheduling conference room 3106 through room scheduler 3126. For example, a user utilizes a computing device (not shown) to check room availability and reserve the conference room for a particular time and duration. When the time for the conference room use arrives, a user uses the authentication system 3100 to show that they are actually going to use the conference room within a predetermined period of time, such as within five or ten minutes after the scheduled start time of the conference.

One example method of confirming use of the room is as follows. First, the user enters the room and dials a telephone number to access an automated conference room confirmation system. The system asks the user to enter the passcode provided by data packet generator 3110. The user then types the code into the telephone keypad. The passcode is communicated to server 3102 which validates that the passcode is a valid code. The validation is then communicated through computing device 3120 to conference room scheduler 3126, which confirms that the conference room is being used. In some embodiments the conference room scheduler 3126 operates on a server, such that information about conference room availability is available to other users.

If such confirmation is not received, room scheduler 3126 releases the conference room reservation to make the conference room generally available for any other user that needs a conference room.

In the event that a conference was not previously scheduled and the conference room is not currently being used, some embodiments also allow a user to reserve a conference room using a similar process. The user enters the room and turns on the lights, dials a telephone number, and enters the passcode from data packet generator 3110. The system may also prompt the user for other information, such as a user ID number, the duration of the conference, or any other information. The system then updates the room scheduler 3126 to show that the conference room is in use.

If the user does not reserve the room in this way, the conference room control system will automatically shut off the lights after a period of time, in some embodiments, assuming that the conference room is not currently being used. Some embodiments include motion detectors, sound detectors or decibel meters, or other sensors to determine if a conference room is in use.

In some embodiments, after validating the passcode entered into telephone 3112 as being valid, the server 3102 orally issues a sister passcode to the user. The user enters the sister passcode into computing device 3120 or uses an input device of data packet generator 3110 to enter the sister passcode into data packet generator 3110. If entered into the data packet generator 3110, the data packet generator then validates the sister passcode and sends an alert message (such as via a wireless communication device) to the conference room control system 3122. In either case, the conference room control system 3122 operates to grant access to room resources, such as the lights (e.g., turn on the lights) or any other desired resources.

Some embodiments conserve energy by shutting down lights or other resources when not in use (e.g., temperature control systems) or by opening or closing curtains or blinds appropriately.

Some embodiments work to create a high performance building where resources are automatically made available if they are not being used. For example, if a conference room has been reserved but is not occupied within a period of time, the conference room is released from the reservation so that the space is made available to others.

In some embodiments an authentication system is used to determine the location of a device (such as a computing device), even if the device is currently turned off. To do so, the device is equipped with a remotely controllable power switch. The server issues a request to turn on the device. The request is received by the remotely controllable power switch (such as via a wireless or wired communication signal), which causes the device to turn on. The device is then programmed to automatically search for a data packet generator communication including a passcode. Once received, the device sends a data packet to the server across a network, such as including a passcode. The server receives the data packet and uses data within the packet, such as the passcode, to identify the location of the device. Subsequent action may then be taken, such as to physically collect the missing device or to record the current location of the device in memory of the server. In some embodiments if a device is not located within a period of time, a long distance signal is broadcast (such as a worldwide data signal) that instructs the device to erase its memory.

Some embodiments require that multiple passcodes be received from multiple data packet generators. For example, if a vehicle is driving down the road and is equipped with a computing device, the computing device receives passcodes or data packets from multiple data packet generators arranged along the road. The passcodes or data from data packets are stored in memory and in some embodiments are communicated to another device, such as a server. The passcode information identifies not only particular locations, but shows a path that was taken by the vehicle. This information may then be compiled for subsequent use, such as to determine payments that need to be made (e.g., a toll way), to pay taxes, or for a variety of other uses. Similarly, this information is used in some embodiments to control a fleet of moving vehicles, such as to control the speeds, orientations, directions, or routes of the vehicles. Data packets from the data packet generators are collected by each vehicle as it moves.

Similarly, if a person walks down a hallway, multiple passcodes from multiple data packet generators arranged along that hallway can be collected. In some embodiments access to a protected resource is not granted unless a particular set of passcodes has been received within a period of time, such as to prove that a person walked down the hallway. If another path is taken (such as by walking around the outside of the building), access to the protected resource is not granted.
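A server-side check for the hallway case above, as an added example that is not part of the patent: access is granted only when valid passcodes from the expected generators arrive in route order within a time window. The generator names, the 60-second rotation period, the lookup-table shape and all sample passcodes are constructed assumptions.

```python
import hmac

SLOT_SECONDS = 60  # assumed rotation period; the page only says codes change periodically


def _same(expected, received):
    """Constant-time comparison that also tolerates non-ASCII input."""
    return hmac.compare_digest(expected.encode("utf-8"), received.encode("utf-8"))


def check_route(observations, expected_route, lookup, window_seconds):
    """Decide whether collected passcodes prove the expected path.

    observations   : list of (timestamp, generator_id, passcode), in arrival order
    expected_route : generator ids in the order they must be passed
    lookup         : {(generator_id, slot): passcode}, slot = timestamp // SLOT_SECONDS
    Returns (granted, reason).
    """
    if not expected_route:
        raise ValueError("expected_route must name at least one generator")

    visited = []      # generator ids in the order first heard, repeats collapsed
    times = []
    last_ts = None
    for ts, generator_id, passcode in observations:
        if last_ts is not None and ts < last_ts:
            return False, "timestamps out of order"
        last_ts = ts

        # A passcode only counts if it is the one that generator issued in
        # the slot in which it was heard; an old or foreign code fails here.
        expected = lookup.get((generator_id, ts // SLOT_SECONDS))
        if expected is None or not _same(expected, passcode):
            return False, f"invalid passcode for {generator_id}"

        # A device usually hears the same generator several times in a row.
        if not visited or visited[-1] != generator_id:
            visited.append(generator_id)
        times.append(ts)

    # Another path (a skipped, extra or reordered generator) is refused.
    if visited != list(expected_route):
        return False, "route mismatch"
    if times[-1] - times[0] > window_seconds:
        return False, "route took too long"
    return True, "ok"


# Constructed lookup table for three hallway generators H1, H2, H3.
SAMPLE_LOOKUP = {
    ("H1", 0): "1111111",
    ("H2", 0): "2222222",
    ("H3", 0): "3030303",
    ("H3", 1): "3333333",
}

if __name__ == "__main__":
    walk = [(5, "H1", "1111111"), (20, "H1", "1111111"),
            (40, "H2", "2222222"), (70, "H3", "3333333")]
    print(check_route(walk, ["H1", "H2", "H3"], SAMPLE_LOOKUP, 120))
```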

In some embodiments the identity of a device and the location of a device are merged to create another type of passcode. For example, a tank could integrate an authentication code as a way to prove that the tank is in fact a particular tank. Further, a motion sensitive GPS unit is stationed nearby the tank (e.g., five feet away). A communication device receives passcodes from both the tank and the GPS unit and generates a merged passcode from the combination of the two passcodes. If the communication device is unable to generate the merged passcode, an alert is issued (e.g., to Homeland Security).

In some embodiments look up charts are provided by the server to a security department periodically, such as once per hour, minute, hour, day, year, etc. The look up charts provide passcode information for a particular set of data packet generators over that period of time. In some embodiments, each data packet generator is associated with a set of passcodes that the data packet generator will generate during that period. One method of identifying if this information is mishandled is to insert known misinformation into the lists occasionally. If the misinformation is detected by a server, the server is alerted that a potential security breach had occurred. For example, each data packet generator is, in some embodiments, programmed to generate two passcodes at a time. Only one of the passcodes is used for communication. The other passcode is used, for example, to identify the particular data packet generator that is being targeted, and acts to alert the server that a potential security breach had occurred.
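The decoy-passcode idea in the paragraph above, sketched as an added example that is not the patent's own implementation. It assumes each chart row lists two passcodes per generator and time slot in random order, that only the server knows which one is live, and that passcodes are 7 random digits; generator ids and slots are constructed.

```python
import hmac
import secrets

PASSCODE_DIGITS = 7  # assumed width, matching the page's 7-digit example


def _new_code(taken):
    """Draw a random passcode that is unique across the whole chart."""
    while True:
        code = f"{secrets.randbelow(10 ** PASSCODE_DIGITS):0{PASSCODE_DIGITS}d}"
        if code not in taken:
            taken.add(code)
            return code


def build_chart(generator_ids, slots):
    """Create one look up chart plus the server's private records.

    Returns (chart, real, decoy_owner):
      chart       : rows (generator_id, slot, code_x, code_y) handed out; the
                    order of the two codes is random so the chart itself does
                    not reveal which one is the decoy
      real        : {(generator_id, slot): live passcode}, server only
      decoy_owner : {decoy passcode: (generator_id, slot)}, server only
    """
    taken, chart, real, decoy_owner = set(), [], {}, {}
    for generator_id in generator_ids:
        for slot in slots:
            live, decoy = _new_code(taken), _new_code(taken)
            real[(generator_id, slot)] = live
            decoy_owner[decoy] = (generator_id, slot)
            pair = [live, decoy]
            if secrets.randbelow(2):
                pair.reverse()
            chart.append((generator_id, slot, pair[0], pair[1]))
    return chart, real, decoy_owner


def classify(code, claimed_generator, slot, real, decoy_owner):
    """Classify a submitted passcode as 'valid', 'invalid' or 'decoy'.

    A decoy is never sent by a generator, so seeing one means chart contents
    were used. It is looked up by value alone, which names the targeted
    generator even if the submitter claims a different one.
    """
    if code in decoy_owner:
        targeted_generator, _ = decoy_owner[code]
        return "decoy", targeted_generator
    expected = real.get((claimed_generator, slot))
    if expected is not None and hmac.compare_digest(
        expected.encode("utf-8"), code.encode("utf-8")
    ):
        return "valid", claimed_generator
    return "invalid", None


if __name__ == "__main__":
    chart, real, decoy_owner = build_chart(["G1", "G2"], [0, 1])
    some_decoy = next(iter(decoy_owner))
    print(classify(some_decoy, "G2", 0, real, decoy_owner))
```

A "decoy" result is the signal the paragraph describes: the server should raise a potential-breach alert and record which generator's chart entry was used.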

FIG. 32 is a diagram of a DNA strand 3200. Living organisms can be identified by genetic codes stored in DNA 3200 (deoxyribonucleic acid). DNA typically includes two strands 3202 and 3204 that are united together by chemicals, known as bases 3206. Unique characteristics of DNA make identification of a living organism possible. Some embodiments according to the present disclosure provide a biomimic of such a DNA structure using numerical codes in place of chemicals, and time in place of distance, as discussed below.

FIG. 33 is a schematic diagram providing a comparison between a single DNA strand 3202 (and associated chemicals) and a numerical code 3302. Numerical code 3302 includes a plurality of codes A1, A2, . . . , An. In this example, each code includes ten digits. Code A1 is made up of the following ten digits arranged in a particular sequence: “1904837562.” Code A2 is also made up of ten digits: “2658971317.” Numerical code 3302 can include any number (n) of codes.

A data packet generator operates in some embodiments to generate a code that is analogous to a DNA strand and can be used in the identification of anything associated with the code, whether living, non-living, physical (e.g., an object or location), or non-physical (e.g., information stored in digital form). Accordingly, some embodiments are a biomimic of DNA. In some embodiments, a process for authenticating using numerical codes is referred to as dynamic numeric authentication, and can also be abbreviated with the acronym DNA. In contrast to identification through natural DNA, dynamic numeric authentication uses numbers in place of chemicals and time in place of length in some embodiments. Accordingly, an advantage of dynamic numeric authentication is that authentication can be achieved without the identifier having to take up space (e.g., the size of time, numbers, and the sequence of numbers themselves is nothing). The only space consumed is that needed by hardware. Furthermore, when a code generator algorithm is used, an advantage of some embodiments is that the current codes disappear (or are deleted) once their time has expired, leaving no room for duplicating later on or elsewhere (and even if duplicated, the code is no longer valid after expiration). Further, such past codes do not have to continue to consume space in memory, in some embodiments.

In some embodiments, each code (e.g., A1) generated is only a portion of an overall numerical code 3302 (e.g., each code is a segment of numerical code 3302). If a particular code (e.g., A1) is not sufficient to provide a unique identification, an additional code (e.g., A2) or set of codes can be used until the combined codes (e.g., A1 and A2) provide a unique identifier.

As previously illustrated in FIG. 32, natural DNA typically includes two uniting strands. In a similar manner, some embodiments of dynamic numeric authentication unite two or more identifiers to generate a combined identifier. As one example, a first data packet generator is in data communication with a nearby data packet generator (such as via wireless communication). The second data packet generator communicates a code to the first data packet generator. The first data packet generator then combines the received code with its own code and uses the combined code for identification.

FIG. 34 is a schematic diagram illustrating an example facility 3400. Facility 3400 includes a plurality of workspaces 3402. FIG. 34 provides a visual depiction of dynamic numeric authentication according to some embodiments. Each workstation is associated with a numerical code 3404 (schematically illustrated as a single DNA strand). In some embodiments the numerical code 3404 is generated by a data packet generator as described herein. In some embodiments, the numerical code 3404 provides an identifier that can be used to identify a location, such as a particular workstation in facility 3400. In other embodiments, the identity of a data packet generator is identified. The expected location of the data packet generator is then determined. The actual location (or approximate location) of the data packet generator is then verified (or determined) by use of the mesh network described herein and, in some embodiments, a geospatially aligned CAFM system.

FIG. 35 is a schematic block diagram of another example system 3500. In this example, system 3500 includes server 3502, network 3504, data packet generator 3506, and computing device 3508. System 3500 also includes a communication path 3510 and a communication path 3512. In some embodiments server 3502 includes database 3520.

In this example, server 3502 is configured to communicate across network 3504, such as the Internet or other data communication network. The server 3502 includes or is in data communication with database 3520. In some embodiments, server 3502 includes one of a variety of possible server software applications, such as Microsoft Exchange Server, Microsoft SQL Server, and DHCP server. In some embodiments, server 3502 further includes one or more database software applications that implement database 3520.

Data packet generator 3506 is also configured to communicate across network 3504 by way of communication path 3510. One example of communication path 3510 is a wire or set of wires, such as an Ethernet cable or telephone cable that permit wired communication with network 3504. Another example of communication path 3510 is a wireless communication path, such as through a wireless access point that permits wireless communication with network 3504. In some embodiments wireless communication occurs according to a wireless communication protocol, such as one of the 802.11 protocols, or another wireless data communication protocol.

In some embodiments, data packet generator 3506 is fastened to another object, such as a top or bottom of a work surface, a wall, a cabinet, or other object. Some embodiments are semi-permanently fastened to the object, requiring at least one tool to disconnect the data packet generator 3506 from the object. In some embodiments, data packet generator 3506 can be removed from the object to which it is fastened, or alternatively, the object to which it is fastened can itself be moved. As a result, data packet generator 3506 is semi-transient in some embodiments, such that the location of the data packet generator 3506 can change.

In some embodiments, data packet generator 3506 is also configured to communicate with computing device 3508 across data communication path 3512. Data communication path 3512 is wired in some embodiments, wireless in other embodiments, and a combination of wired and wireless in yet other embodiments. Examples of wired and wireless communication paths are discussed above.

Computing devices 3508, such as desktop computers and laptop computers, are commonly configured to connect to a network, such as the Internet or a local area network, through an Ethernet cable. The combination of wired communication paths 3510, data packet generator 3506, and wired communication path 3512, acts in some embodiments as an enhanced Ethernet cable, which permits computing device 3508 to communicate with network 3504 by sending and receiving messages through data packet generator 3506.

FIG. 36 is a schematic block diagram of the example data packet generator 3506, shown in FIG. 35. In this example, data packet generator 3506 includes processor 3602 (including memory 3604), memory 3606, timer 3608, network interface 3610, communication hub 3612, network port 3614, computer port 3616, power supply 3618 (including battery 3620), wireless communication device 3622 (including antenna 3624), USB interface 3626, and sensors 3628 (including sensors 3630, 3632, and 3634).

Processor 3602 is a physical component that operates to process data instructions. In addition to the other examples described herein, another example of processor 3602 is an ultra low power Wi-Fi chip, such as the GS1010 or GS1011, manufactured by GainSpan Corporation located in Los Gatos, Calif., US.

Memory 3604 and 3606 is provided for storage of digital data. Examples of memory are discussed herein. In some embodiments, memory 3604 and/or 3606 contains data instructions, which when executed by the processor, cause the processor to implement one or more of the methods, modules, operations, or functions described herein. For example, in some embodiments the data instructions cause processor 3602 to generate a data packet. The data packets are generated periodically in some embodiments, such as described herein. In some embodiments the data packet includes a serial number of data packet generator 3506, one or more passcodes, or other data. Examples of data that can be included in data packet generator 3506 are described herein.

One or more timers 3608 are included in some embodiments to provide timing signals. In some embodiments there are two or more timers. A first timer provides timing systems for general operation of data packet generator 3506. A second timer is used for a real-time clock. The real-time clock is used to keep the data packet generator 3506 synchronized with other data packet generators, such as to identify a common wake up time.

Network interface 3610 provides a data communication interface between processor 3602 and communication hub 3612. An example of network interface 3610 is an Ethernet interface device.

Communication hub 3612 is a network hub that permits data communication between network port 3614 (which can be connected to a network, such as the Ethernet, for receiving network communications), network interface 3610, and computer port 3616 (which can be connected to a computing device, such as a personal computer). An example of communication hub 3612 is an Ethernet communication hub.

Communication hub 3612 is, in various embodiments, a passive hub, an active hub, or an intelligent hub. When a packet is received at communication hub 3612 from ports 3614, 3616 or network interface 3610, the package is communicated to the other ports 3614, 3616 or network interface 3610. A header of the package is read by the receiving devices to determine if the package is addressed to that device. If so, the package is received and processed by that device. If not, in some embodiments, the package is ignored (or discarded) at that device.

In some embodiments, data packet generator 3506 further includes an electronic gate (not shown) configured between the communication hub 3612 and network port 3614. In this example, incoming packets received at computer port 3616 from computing device 3508 that are addressed to the data packet generator 3506, can be selectively blocked by the electronic gate, while still being received at the network interface 3610. Other communications, however, such as communications between computing device 3508 and server 3502, are allowed to pass through the electronic gate uninterrupted. In some embodiments, data packet generator 3506 is a gateway.

Power supply 3618 provides power to data packet generator 3506. In some embodiments power supply 3618 includes one or more batteries 3620. In some embodiments the battery 3620 is small, such as sufficient to maintain data in memory 3606, or to continue operating timer 3608. In other embodiments, battery 3620 is sufficient to fully power all of the components of data packet generator 3506.

Power supply 3618 typically includes filtering electronics to supply a consistent power source to data packet generator 3506. Further, some embodiments of power supply 3618 receive power from an external source. For example, some embodiments of data packet generator 3506 include a power cord or power input port for receiving a power cord. In another possible embodiment, power is received at power supply 3618 from data ports 3614 or 3616, such as from a Power over Ethernet system. Some embodiments include solar panels to convert light into electricity. Other embodiments receive power from other sources, such as from electromagnetic waves or electromagnetic induction.

In some embodiments, data packet generator 3506 includes a wireless communication device 3622 that permits data packet generator 3506 to send and/or receive data wirelessly, such as through antenna 3624.

Some embodiments include additional communication devices, such as a universal serial bus interface 3626. USB interface 3626 operates to communicate with a USB device according to one or more USB communication protocols. In some embodiments power supply 3618 receives power through USB interface 3626. In some embodiments, external devices are connected with the data packet generator 3506 through USB interface 3626. Examples of external devices include a USB memory stick, a camera, an external sensor, or a wide variety of other external devices. Other communication protocols are used in some embodiments.

Sensors 3628 are included in some embodiments. Other embodiments include multiple sensors, such as sensors 3630, 3632, and 3634. Examples of sensors include tamper sensors (such as a screw presence sensor), position sensors (including GPS receivers, altitude sensors, distance from floor or ceiling sensors), movement sensors (such as an accelerometer), temperature sensors, user presence sensors (e.g., heat, motion, or sound sensors), smoke detector, asset tag sensor (such as an RFID receiver or 802.11 communication device), or other sensors. Some embodiments do not include sensors 3628.

FIGS. 37-49 illustrate various possible embodiments of data packet generator 3506 having different form factors.

FIGS. 37-39 illustrate an example embodiment of the data packet generator 3506. FIG. 37 is a plan view, FIG. 38 is a side view, and FIG. 39 is another side view.

In this example, data packet generator 3506 includes housing 3702, fastener holes 3704, fasteners 3706, tapered edges 3708, USB ports 3710, network port 3614, and computer port 3616.

Housing 3702 provides a protective enclosure for components of data packet generator 3506. Although one exemplary shape is illustrated, other embodiments include other shapes. In this example, housing 3702 includes tapered edges 3708 that reduce or eliminate sharp corners. Housing 3702 is configured to be securely mounted, in some embodiments, to a work surface, such as a top or bottom surface of a desk. In this example, housing 3702 includes fastener holes 3704 configured to receive fasteners 3706, such as screws. To mount data packet generator 3506 to a work surface (or other object), fasteners 3706 are inserted through fastener holes 3704 and into the work surface.

In some embodiments, data packet generator 3506 includes network port 3614. In one example, network port 3614 is an Ethernet port configured to receive an Ethernet plug of an Ethernet cable. Other embodiments include other ports, such as a telephone port or USB port. In some embodiments, network port 3614 is configured to receive an Ethernet cable that is connected to an Ethernet port, such as in a wall that is in data communication with a network, such as a local area network or the Internet. Some embodiments include multiple network ports 3614 (e.g., two, three, four, or more). Other embodiments do not include network ports 3614.

Data packet generator 3506 further includes, in some embodiments, a computer port 3616. An example of a computer port 3616 is an Ethernet port. In some embodiments the computer port 3616 is configured to receive an Ethernet plug of an Ethernet cable. In some embodiments, network port 3614 is configured to receive an Ethernet cable that is connected to a computer, such as through the computer's Ethernet port. Some embodiments include multiple computer ports 3616 (e.g., two, three, four, or more).

Some embodiments of data packet generator 3506 include one or more external connectors, such as USB ports 3710. In some embodiments, USB ports 3710 are electrically connected to USB interface 3626, shown in FIG. 36. In this example, two USB ports 3710 are shown, although other embodiments include one, two, three, four, or more USB ports 3710. Some embodiments do not include USB port 3710. Other embodiments include other external connectors configured to communicate using a data communication protocol. In other embodiments, one or more external connectors deliver or receive power or perform another function.

In some embodiments, ports 3614, 3616, and external ports such as USB ports 3710 are holes formed in housing 3702. For example, the holes are configured to receive a wire, set of wires, cable, or other object or device. In other embodiments, ports are physical connectors configured to receive a standard or non-standard plug, such as RJ45 jacks, USB jacks, or other data ports.

FIGS. 40-42 illustrate another example embodiment of data packet generator 3506. FIG. 40 is a schematic perspective view of an example system 4000 including data packet generator 3506. FIG. 41 is a schematic side view of data packet generator 3506 in a storage configuration. FIG. 42 is a schematic plan view of data packet generator 3506, also in a storage configuration.

In some embodiments, data packet generator 3506 is configured for use in system 4000. In this example, system 4000 includes computing device 120, data packet generator 3506, and network wall port 4002. Examples of computing device 120 are described herein.

In some embodiments, data packet generator 3506 is configured for connection between network wall port 4002 and a computing device 120. In some embodiments, data packet generator 3506 operates as an Ethernet cable to communicate digital data between network wall port 4002 and computing device 120.

Network wall port 4002 is, for example, one, two, or more Ethernet ports (e.g., RJ45 jacks) installed in a wall outlet configuration. Other embodiments of system 4000 do not include network wall ports 4002, but do include other network ports for connection to a local area network or the Internet, for example.

In the example shown in FIGS. 40-42, data packet generator 3506 includes housing 4010, network cable 4020, and network cable 4024.

Housing 4010 forms an enclosure for housing components of data packet generator 3506, such as components shown in FIG. 36. In this example, housing 4010 further includes a cable storage region 4016. The cable storage region 4016 is formed in a recess between flanges 4012 and 4014. When in a storage configuration, network cables 4020 and 4024 are wrapped around housing 4010 and arranged within cable storage region 4016, as shown in FIGS. 41 and 42. During use, network cables 4020 and 4024 are unwrapped (or partially unwrapped) from cable storage region 4016, such as to reach between a network port of computing device 120 and network wall port 4002. When network cables 4020 and/or 4024 are at least partially unwrapped from cable storage region 4016, the data packet generator 3506 is in a ready-to-use configuration.

In another possible embodiment, housing 4010 includes a cable retraction and storage system. An example of a cable retraction and storage system includes a spool and a spring mechanism. When the network cables 4020 and 4026 are in the ready-to-use configuration, the spring mechanism can be activated to retract the network cables 4020 and 4024, which causes the network cables to wrap around the spool. The network cables 4020 and 4024 are extended by pulling on one or more of the network cables 4020 and 4024. An anti-retraction mechanism is used in some embodiments to selectively lock network cables 4020 and 4024 in the desired extended and ready-to-use configurations. Other embodiments include other configurations including an alternative cable storage region. Further, in some embodiments, straps or bands are used to hold network cables 4020 and 4024, when the network cables 4020 and 4024 are in the storage configuration.

In this example, network cable 4020 includes plug 4022. Network cable 4024 also includes plug 4026. Examples of plugs 4022 and 4026 are Ethernet plugs, such as RJ45 plugs, or other network plugs. Plug 4022 is, in this example, configured for connection with a network communication port of computing device 120. Plug 4026 is, in this example, configured for connection with a network port, such as port 4004 of network wall port 4002.

Some embodiments of data packet generator 3506, such as shown in FIGS. 40-42, include network cables 4020 and 4026 that are permanently and non-releasably connected to the data packet generator 3506 within housing 4010. In some embodiments, network cables 4020 and 4024 are permanently connected to data packet generator 3506 within housing 4010. In other embodiments, network cables 4020 and 4024 are non-releasably connected to data packet generator 3506 within housing 4010. This reduces the chance of a network communication failure, for example, and reduces the installation steps because network cables 4020 and 4024 do not have to be separately connected by a technician to housing 4010 as separate installation steps. Further, an advantage of some embodiments is that additional room is provided within housing 4010 for larger or additional batteries or other components.

FIGS. 43-44 illustrate an example charging station 4300. FIG. 43 is a perspective view of an example charging station 4300. FIG. 44 is a perspective view of an example charging station 4300 including a plurality of data packet generators 3506 stacked thereon. The example charging station 4300 is used, in some embodiments, for storing one or more data packet generators 3506 (such as shown in FIGS. 40-42), and also for recharging batteries of one or more data packet generators, in some embodiments.

In this example, charging station 4300 includes a base 4302, charging electronics 4304, alignment pins 4306 and 4310, electrical contacts 4308 and 4312, and power cord 4314.

Base 4302 is configured to rest on a surface, such as a table or desktop. A high friction material (such as a foam or rubber material) is arranged on a bottom surface of base 4302 in some embodiments for added stability. Base 4302 includes an interior space for housing electrical circuitry 4304 therein. In some embodiments electronics include an AC to DC converter and power filtering circuitry. Some embodiments include smart charging circuitry, such as including a processor and memory and charge sensing circuitry that monitors the charging to provide a suitable amount of charging current to charge batteries of data packet generators 3506 and to stop charging when all batteries are fully charged. Some embodiments include a trickle charger.

In another possible embodiment, charging electronics generate magnetic or electromagnetic fields to charge one or more data packet generators 3506, such as by electromagnetic induction. As a result, some embodiments do not need electrical contacts 4308 and 4312.

In some embodiments base 4302 includes alignment pins 4306 and 4310 that act to align and aid in the correct positioning of a data packet generator 3506 thereon. In such embodiments, for example, data packet generators 3506 include matching receptacles that receive portions of alignment pins 4306. Other embodiments include other structures for alignment, such as a flange extending from an outer periphery. Another possible embodiment includes a support tube that extends generally vertically upward from the base for receiving and storing data packet generators 3506 therein.

In some embodiments, distal ends of alignment pins 4306 include electrical contacts 4308 and 4312 for delivering charging power from electrical circuitry 4304 to a data packet generator 3506 when stacked thereon. In such embodiments, data packet generators 3506 include electrical contacts within a corresponding receptacle that make an electrical connection with contacts 4308 or 4312. Further, in some embodiments, data packet generators 3506 further include pins and electrical contacts at an opposing surface, to allow yet another data packet generator 3506 to be stacked thereon. A portion of the charging power from contacts 4308 and 4312 is delivered to the additional one or more stacked data packet generators 3506. In this way, any number of data packet generators 3506 (e.g., two, three, four, five, or more) can be stacked on charging station 4300 for simultaneous charging.

Power cord 4314 provides power to electrical circuitry 4304 in some embodiments.

FIG. 45 illustrates another example embodiment of data packet generator 3506. In this example, data packet generator 3506 is integrated into a cable, such as an Ethernet cable, and includes plug 4502, cable 4504 (including an outer sheath and one or more conductive wires), plug 4506, and components 4508.

Examples of plugs 4502 and 4506 are RJ45 plugs, but other embodiments include other plugs or connectors.

Cable 4504 includes an outer protective sheath and one or more conductive wires therein that are, in some embodiments, electrically connected to plugs 4502 and 4506.

In some embodiments, components 4508 are integrated into the space within the outer protective sheath of cable 4504. An example of components 4508 is illustrated and described with reference to FIG. 36, herein. Not all components are included in all embodiments. As one specific example, ports 3614 and 3616 are not included in some embodiments such as shown in FIG. 45. In some embodiments, communication hub 3612 is electrically coupled to wires within cable 4504.

In another possible embodiment, components 4508 are within a separate enclosure, other than cable 4504 sheathing. For example, heat shrink tubing is used to surround components 4508 and a portion of cable 4504. In another possible embodiment, components 4508 are within or adjacent to plugs 4502 or 4506.

FIG. 46 is a front view of another example data packet generator 3506, in the form of a hoteling hub, such as configured for use in a hoteling station (e.g., a short-term, temporary, or unassigned work space, such as a cubicle or an office). In some embodiments, the hoteling hub 4602 is configured to receive a data packet generator 3506. In other embodiments, the hoteling hub 4602 is itself a data packet generator 3506.

The hoteling hub 4602 increases the functionality of the data packet generator 3506, in some embodiments. In this example, hoteling hub 4602 includes housing 4604, network ports 4606, electrical receptacles 4608, a pencil holder 4610, a clock 4612, a power cord 4614, and a network cable 4616. External ports, such as USB ports 3710, are also provided in some embodiments. Other embodiments include more or fewer components.

In this example, housing 4604 is configured to receive data packet generator 3506 therein. In some embodiments, housing 4604 is formed to permit access to portions of the data packet generator 3506, such as USB ports 3710. In other embodiments, housing 4604 fully encloses data packet generator 3506.

Various possible components are provided for added user convenience and to increase the functionality of data packet generator 3506. For example, in some embodiments additional network ports 4606 are provided. Network ports 4606 are connected to computer port 3616 of data packet generator 3506 in some embodiments. Network ports 4606 are connected to a network, such as a local area network or the Internet, through data packet generator 3506, which is connected to the network through network cable 4616, for example. Other embodiments connect network ports 4606 directly to a network cable, without first passing through data packet generator 3506.

In some embodiments electrical receptacles 4608 are provided, such as connected to a power cord 4614 or an Ethernet cable (which receives power from a power over Ethernet system, for example). A pencil holder or other structural features are formed in housing 4604 in some embodiments. Some embodiments include a clock 4612 that displays the current time.

FIGS. 47 and 48 illustrate further example embodiments of data packet generator 3506. FIG. 37 illustrates an example data packet generator 3506 integrated into a network receptacle 4700, such as an Ethernet receptacle. FIG. 38 illustrates an example data packet generator integrated into a power receptacle 4800. In some embodiments, network receptacles 4700 and power receptacles 4800 are configured for installation within a wall. Components of data packet generator 3506 are integrated into network receptacle 4700 and power receptacle 4800. Examples of such components are shown in FIG. 36.

FIG. 49 illustrates a further example embodiment of data packet generator 3506. In this example, data packet generator 3506 is integrated into a clock 4900.

FIG. 50 is a schematic block diagram of another example system 5000 utilizing wireless data communication. In addition, FIG. 50 illustrates a method for automatically identifying a nearest data packet generator 3506. In this example, system 5000 includes server 108, network 106, wireless access point 5002, computing device 120, data packet generator 3506′ and data packet generator 3506″. Some embodiments include multiple or many of the various components of system 5000, such as wireless access point 5002, computing device 120, and data packet generators 3506.

In some embodiments, computing device 120 is configured to communicate with network 106 wirelessly. Examples of wireless data communication protocols are the 802.11 series of data communication protocols, although other embodiments utilize other protocols. In this example, computing device 120 transmits and receives messages wirelessly with wireless access point 5002, which is in data communication with network 106. Other possible embodiments utilize wired communication, such as through a network cable.

Under the typical 802.11 wireless protocol, a particular local area network is assigned a friendly name, referred to as the service set identifier (SSID). In some embodiments, the SSID is up to 32 characters long. If configured to do so, the SSID is broadcast from wireless access point 5002 to permit computing device 120 (or the associated user) to identify the local area network and to determine whether or not the computing device 120 (or the associated user) wants to connect to that network. In this example, wireless access point 5002 broadcasts an SSID #1.

Once connected to the network of wireless access point 5002, a data communication path 5004 is formed between wireless access point 5002 and computing device 120. For example, computing device 120 can send messages to network 106 or server 108 by sending the messages to wireless access point 5002. Similarly, server 108 or network 106 can send messages to computing device 120 by sending the messages through wireless access point 5002.

When computing device 120 has formed data communication path 5004, most existing operating systems will not allow computing device 120 to also join an additional wireless communication network (although such dual communication is expected to be included as a feature in Microsoft® Windows® 7). As a result, if computing device 120 (or the associated user) wanted to connect temporarily to another communication path, data communication path 5004 would have to be terminated, and the alternate communication path be established. After communication, the alternate communication path would need to be terminated, and communication path 5004 reestablished. This process, particularly if being done automatically by a computer, could be disruptive to a user who is trying to send or receive data with computing device 120 across communication path 5004.

As a result, another option is illustrated in FIG. 50. In this example, even when data communication path 5004 is established, computing device 120 is configured to wirelessly receive additional SSIDs from devices other than (or in addition to) wireless access point 5002. This is performed without interrupting data communication path 5004.

Data packet generators 3506′ and 3506″ include wireless communication systems, such as 3622 shown in FIG. 36, that permit them to communicate data wirelessly to computing device 120 or wireless access point 5002, in some embodiments. The data packet generators 3506′ and 3506″ are configured to simulate a wireless access point, and to broadcast their own SSIDs. For example, data packet generator 3506′ broadcasts an SSID of SSID #2 and data packet generator 3506″ broadcasts an SSID of SSID #3. Computing device 120 is configured to receive the SSIDs, even when data communication path 5004 is active.

The SSIDs of data packet generators 3506′ and 3506″ are used to convey information to computing device 120 in some embodiments. For example, some embodiments insert a data packet into the SSID so as to convey an entire data packet to computing device 120 through SSID #2 or SSID #3. In this way, data generators 3506′ and 3506″ can send data to computing device 120, without interrupting communication path 5004.

One example of a data packet that is inserted into an SSID is a serial number of the data packet generator 3506′ or 3506″. Another example of a data packet is a passcode, such as including seven characters (or other passcodes described herein). Another possible example includes multiple passcodes, such as a previous passcode, a current passcode, and a next passcode. Yet another possible embodiment includes a serial number and one or more (two, three, four, or more) passcodes. One specific example of an SSID includes a serial number (e.g., seven digits), and three passcodes (e.g., each being seven digits). This example forms an SSID having 28 characters, which is less than the 32 character maximum of a typical 802.11 system.

The computing device 120 is configured to scan for SSIDs, and to receive all available SSIDs that are within wireless communication range. In some embodiments the SSIDs are then stored in memory of computing device 120, such as in a table 5010. In addition, in some embodiments the strength of the signal is measured by computing device 120, and the relative strength associated with each SSID is also stored in memory, such as in table 5010. In this example, SSID #1 has a strength of four bars (e.g., high strength), SSID #2 has a strength of three bars (e.g., good strength), and SSID #3 has a strength of three bars (e.g., moderate strength). Other embodiments identify strengths in other units, such as in mW or dBm.

The relative signal strength is one indication of the proximity of data packet generators 3506′ and 3506″ to computing device 120. In the example shown in FIG. 50, for example, it is likely that data packet generator 3506′ is closer to computing device 120 than data packet generator 3506″, due to the higher signal strength of the signal including the SSID #2 as compared to the signal strength of SSID #3. Although the signal strength can be attenuated by objects, such as a wall, between the data packet generators 3506 and computing device 5010, the signal strength is typically a good indication of relative distances. This information can be combined with additional information to obtain more accurate distance or location information in some embodiments.

After receiving the SSIDs, computing device 120 evaluates the SSIDs to determine whether the SSID is a data packet from a data packet generator 3506. In some embodiments this is performed by evaluating the content of the SSID, to determine if it conforms to an expected format, such as including a certain number of characters or digits, or including a particular code or identifier. In other embodiments, the SSIDs are all communicated to a server 108, which evaluates the SSIDs to determine which, if any, of the SSIDs are associated with a data packet generator 3506. For example, the server 108 first determines whether the serial number in the SSID is a valid serial number of a data packet generator. If so, the server 108 next determines whether one or more of the passcodes in the data packet is a valid passcode for the identified data packet generator.

After each SSID has been evaluated, whether by the computing device or server 108, a list of the nearby data packet generators 3506 is determined. In this example, SSID #2 and SSID #3 are both determined to contain a data packet. For each SSID that included a valid data packet, the signal strengths in table 5010 are then evaluated to identify the signal having the strongest signal strength. In this example, the signal associated with SSID #2 is determined to have the strongest signal strength. As a result, data packet generator 3506′ is determined to be the nearest data packet generator, in some embodiments.

In some embodiments, after a particular data packet generator 3506′ has been identified as being the nearest neighbor to another data packet generator 3506″, that data packet generator 3506′ will continue to be reported (or identified) as the nearest neighbor (even if the signal strength of data packet generator 3506′ falls below another data packet generator 3506′″) until that data packet generator 3506′ is no longer available. This embodiment prevents false reports of movement based on small changes in signal strength, for example.
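The following sketch is an added example, not code from the patent. It walks through the flow described above for FIG. 50: format check of each SSID (7-digit serial plus three 7-digit passcodes, 28 characters), server-side validation of the serial number and passcodes, selection by signal strength, and the "sticky" nearest-neighbor rule. The HMAC-based passcode function, the per-serial secret registry, the window counter and all sample values are assumptions constructed for illustration; this section does not define the passcode algorithm.

```python
import hashlib
import hmac
from dataclasses import dataclass

SERIAL_LEN = 7
PASSCODE_LEN = 7
PACKET_LEN = SERIAL_LEN + 3 * PASSCODE_LEN  # 28 characters, under the 32-character SSID limit


@dataclass(frozen=True)
class SsidPacket:
    serial: str
    passcodes: tuple  # (previous, current, next)


def parse_ssid(ssid):
    """Return an SsidPacket if the SSID matches the 28-digit layout, else None."""
    if len(ssid) != PACKET_LEN or not (ssid.isascii() and ssid.isdigit()):
        return None
    serial, rest = ssid[:SERIAL_LEN], ssid[SERIAL_LEN:]
    codes = tuple(rest[i:i + PASSCODE_LEN] for i in range(0, len(rest), PASSCODE_LEN))
    return SsidPacket(serial, codes)


def derive_passcode(secret, window):
    """Stand-in passcode function (assumption): HMAC-SHA256 over the window number (>= 0)."""
    digest = hmac.new(secret, window.to_bytes(8, "big"), hashlib.sha256).digest()
    return str(int.from_bytes(digest[:8], "big") % 10**PASSCODE_LEN).zfill(PASSCODE_LEN)


def build_ssid(serial, secret, window):
    """What a generator would broadcast: serial + previous, current and next passcodes."""
    return serial + "".join(derive_passcode(secret, w) for w in (window - 1, window, window + 1))


def validate(packet, registry, window):
    """Server-side check: known serial first, then at least one passcode valid now."""
    secret = registry.get(packet.serial)
    if secret is None:
        return False
    expected = derive_passcode(secret, window)
    # Carrying previous/current/next lets a generator whose clock is one window off still match.
    return any(hmac.compare_digest(code, expected) for code in packet.passcodes)


def nearest_generator(scan, registry, window, current=None):
    """Pick the validated generator with the strongest signal.

    scan is a list of (ssid, rssi_dbm) pairs. current is the serial reported last
    time; it is kept while it is still visible and valid, even if another
    generator is now stronger, so small signal changes are not reported as movement.
    """
    valid = {}
    for ssid, rssi in scan:
        packet = parse_ssid(ssid)
        if packet and validate(packet, registry, window):
            valid[packet.serial] = max(rssi, valid.get(packet.serial, rssi))
    if not valid:
        return None
    if current in valid:
        return current
    return max(valid, key=valid.get)


# Constructed sample data: two registered generators and one scan of five SSIDs.
REGISTRY = {"1000001": b"constructed-secret-A", "1000002": b"constructed-secret-B"}
WINDOW = 500
SCAN = [
    ("CorpWiFi", -40),                                              # ordinary access point
    (build_ssid("1000001", REGISTRY["1000001"], WINDOW), -55),      # valid generator
    (build_ssid("1000002", REGISTRY["1000002"], WINDOW + 1), -67),  # valid, clock one window ahead
    (build_ssid("9999999", b"not-registered", WINDOW), -30),        # right format, unknown serial
    ("1000002" + "0000000" * 3, -35),                               # known serial, wrong passcodes
]

if __name__ == "__main__":
    print("nearest:", nearest_generator(SCAN, REGISTRY, WINDOW))
    print("sticky :", nearest_generator(SCAN, REGISTRY, WINDOW, current="1000002"))
```

The two strongest 28-digit SSIDs in the constructed scan fail validation and are ignored, which is why the serial and passcode checks have to run before signal strengths are compared: the format check alone accepts any device that broadcasts 28 digits.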

In another possible embodiment, data packet generators 3506 operate to receive signals from other data packet generators 3506, and/or from computing device 120. The information is communicated from the data packet generator 3506 to server 108, such as by sending the information to wireless access point 5002, or via a wired network connection.

In some embodiments a computing device operates to collect all of the data packets from a plurality of data packet generators, such as by wirelessly receiving and recording in memory each SSID that is transmitted by the data packet generators that are within a wireless communication range. The computing device then reports the collected data back to a server where it is stored in memory and processed.

Further, in some embodiments full data packets are also received by the computing device (either via a wired network or wireless network) containing additional data. The computing device receives the full data packet as well as the SSID data packet and merges the data. In some embodiments the merged data is then communicated to the server.

Some computing devices described herein include a wireless communication card that is configured to receive SSIDs, but is not configured to join a wireless network identified by the SSID. Such a wireless communication card provides added network security by preventing undesired wireless data communication, while still allowing the computing device to receive data in the form of an SSID.

FIG. 51 is a schematic diagram of an example mesh network 5100. In this example, mesh network 5100 includes a plurality of data packet generators, including data packet generators 3506′, 3506″, 3506′″, and 3506″″. Other embodiments include other numbers of data packet generators 3506. A method of locating one or more neighboring data packet generators 3506 is also described with reference to FIG. 51.

In some embodiments, data packet generators 3506 include a wireless communication system, such as 3622, shown in FIG. 36. The wireless communication system generates wireless signals having a signal range. Communication can occur between two data packet generators 3506 if they are both within each other's signal range R1.

In this example, data packet generator 3506′ has a signal range of R1. In some embodiments the signal range is approximately a circular region surrounding data packet generator 3506′, in the absence of objects that act to attenuate portions of the signal. Other embodiments have differently shaped signal regions, such that the distance of signal range R1 can be different in different directions.

In some embodiments, data packet generators 3506 have different wireless power levels, providing variable signal ranges. For example, some embodiments include a low and a high signal level. Another embodiment includes a high, medium, and low power level. A further embodiment includes four signal levels ranging from low to high. Yet other embodiments have more signal levels, such as five or more or ten or more signal levels.

One example embodiment of mesh network 5100 operates as follows. At a predetermined time (such as periodically each minute, hour, day, week, month, or year), all data packet generators 3506 wake up, form an ad hoc network and exchange a data packet. In some embodiments, each data packet generator 3506 begins with the lowest wireless power level, such as a low power level. The data packet generators then wait to receive a data packet from a neighboring data packet generator. If received, the data packet (or data from the data packet) is stored in memory. In some embodiments, the data packet generator associated with the received data packet is identified by the receiving data packet generator as being the nearest neighbor. If more than one data packet is received, then, in some embodiments, each of the data packet generators is identified as being a nearest neighbor. Alternatively, the relative strengths of the received signals are used to further identify relative distances of data packet generators.

If a data packet is received, in some embodiments, the data packet generator 3506 then stops broadcasting. Alternatively, if only a single wireless power level is to be used, data packet generator 3506 stops broadcasting.

In other embodiments, the data packet generator 3506 continues broadcasting to search for additional neighbors. The wireless power level is adjusted to the next higher setting, and a second data packet is broadcast. The data packet generator 3506 then waits to receive a data packet from one or more neighboring data packet generators. If received, the data packet (or data from the data packet) is stored in memory. The process of increasing the wireless power level, broadcasting a data packet, and receiving a data packet (if any) continues, in some embodiments, until the data packet generator 3506 has broadcast a data packet at the highest power level, or highest selected power level.

This process allows data packet generators 3506 to identify their neighbors and to provide at least some information about the respective locations of each data packet generator.

In the example shown in FIG. 51, mesh network 5100 includes four data packet generators 3506′, 3506″, 3506′″, and 3506″″. At the predetermined time, all data packet generators form an ad hoc network and exchange data packets within the respective signal ranges R1, R2, R3, and R4.

The data packet generators then receive data packets from neighboring data packet generators. For example, data packet generator 3506′ receives a data packet from data packet generator 3506″ because it is within signal range R2. Data packet generator 3506″ receives a data packet from data packet generators 3506′ and 3506′″ because it is within the signal ranges R1 and R3. Data packet generator 3506′″ receives data packets from data packet generators 3506″ and 3506″″ because it is within the signal ranges R2 and R4. Data packet generator 3506″″ receives a data packet from data packet generator 3506′″ because it is within the signal range R3.

After storing the data in memory, in some embodiments data packet generators are configured to insert some or all of the data into a data packet to be subsequently transmitted to another device, such as server 108, another data packet generator 3506, or a computing device.

When received by server 108, for example, the server acts in some embodiments to process the data and to determine whether any position or location changes have occurred. In some embodiments, server 108 identifies a location, or approximate location, of a data packet generator 3506 based on the locations of its nearest neighbors. In some embodiments the location data is used to generate a user interface display or is associated with a CAFM system. In other embodiments, tampering or relocating is detected by identifying the absence of a data packet generator that was previously within a mesh network 5100 or previously identified as a nearest neighbor to a particular data packet generator. Sometimes an accelerometer is used to identify which device experienced motion, since the data packets for all nearby data packet generators may change with just one simple reconfigure.

FIGS. 52-53 illustrate various examples of data packets 5200. FIG. 52 is a block diagram of one embodiment of data packet 5200. FIG. 53 is a block diagram of another example data packet 5200.

One example of a data packet 5200 includes data 5202. Examples of data include a serial number or a passcode. As discussed herein, some embodiments display data packet 5200 on a display device, such as including a single passcode. In some embodiments data 5202 includes multiple pieces of data, such as a serial number and a passcode, or multiple passcodes, or a serial number and multiple passcodes, or alert codes or data described herein, or combinations of other data, such as data shown in Table 2 below, or other data described herein, or yet other data.

FIG. 53 is a block diagram of another example data packet 5200. In this example, data packet 5200 includes a header 5302 and data 5202. In some embodiments the header provides an address of the device that the data packet 5200 is addressed to. In some embodiments the header 5302 includes an SSID. In some embodiments data 5202 is included in the header without a separate data 5202 section after the header. In some embodiments header 5302 identifies a number of bytes of data 5202 or of the entire data packet 5200. Further, some embodiments include a time stamp in header 5302. Other embodiments include other header 5302 data. As noted above, data 5202 includes one or more pieces of data in some embodiments.

Table 2 includes a list of various possible examples of types of data 5202 that are included in a data packet in some embodiments. Table 2 shows four particular examples of data packets, including examples 1, 2, 3, and 4.

Example 1 is a data packet that includes only one piece of data, such as a passcode. This data packet 5200 is used in some embodiments when manual entry of the passcode is necessary.

Example 2 is a data packet 5200 including two pieces of data, such as a passcode and a user name. In some embodiments, the data packet of example 2 is generated by a computing device after receiving the data packet of example 1, by adding the username to the passcode to generate a new data packet.

Example 3 is a data packet 5200, such as for use as an SSID. An exemplary embodiment that utilizes such a data packet is described with reference to FIG. 50 herein. In this example, data packet 5200 includes a serial number and three passcodes.

Example 4 is a data packet 5200 including all available data. Other embodiments include subsets of the data, or include other data than specifically listed herein.

Another possible embodiment of data packet 5200 includes an expansion data field, and associated expansion data. In this example, data packet 5200 includes a set of standard data, but also includes an expansion data field where a number of expansion data sets are identified. For example, a standard set of data includes a serial number, a passcode, and an expansion data field. If a data packet generator needs to communicate additional data, the quantity of additional expansion data sets necessary is indicated in the expansion data field. For example, the quantity 2 is inserted into the expansion data field to indicate that two additional expansion data sets are included. The data packet is then expanded to include two additional data sets to include the additional data, for example, temperature data and asset tag data, or any other desired data. This provides a data packet having variable length. This improves efficiency by not requiring that empty data fields be transmitted in each data packet, and improves flexibility by allowing any desired data to be transmitted. In some embodiments a header is included in each expansion data set to identify the type of data being transmitted in each expansion data set.

TABLE 2: TABLE OF EXAMPLE DATA PACKET CONTENT

| DATA TYPE | EXAMPLE 1 | EXAMPLE 2 | EXAMPLE 3 | EXAMPLE 4 |
|---|---|---|---|---|
| Username | 0 | 15 | 15 | 15 |
| Passcode 1 | 7 | 7 | 7 | 7 |
| Passcode 2 | 0 | 0 | 7 | 7 |
| Passcode 3 | 0 | 0 | 0 | 7 |
| Serial number | 0 | 0 | 7 | 20 |
| Four screws | 0 | 0 | 1 | 5 |
| Tampering one | 1 | 1 | 1 | 5 |
| Tampering two | 0 | 0 | 0 | 5 |
| Neighbors serial numbers at range 1 | 0 | 0 | 5 | 50 |
| Neighbors serial numbers at range 2 (except in above) | 0 | 0 | 0 | 250 |
| Neighbors serial numbers at range 3 (except in above 2) | 0 | 0 | 0 | 1000 |
| Device has experienced motion exceeding 3 seconds | 0 | 0 | 0 | 5 |
| Altitude | 0 | 0 | 0 | 5 |
| Device has experienced a change in altitude | 0 | 0 | 0 | 5 |
| Presence verification sensors (heat, motion, sound, etc) | 0 | 0 | 0 | 25 |
| Version of software/firmware | 0 | 0 | 0 | 10 |
| Style of data packet generator unit/model | 0 | 0 | 0 | 15 |
| Date of most recent synchronization with the server | 0 | 0 | 0 | 10 |
| Service reps have been in the area | 0 | 0 | 0 | 50 |
| Security guard has been in the area | 0 | 0 | 0 | 20 |
| Emergency responder is currently in the area | 0 | 0 | 0 | 100 |
| Smoke detected | 0 | 0 | 0 | 5 |
| Temperature | 0 | 0 | 0 | 5 |
| Humidity | 0 | 0 | 0 | 5 |
| Ethernet in use with no software requesting codes | 0 | 0 | 0 | 5 |
| Mesh network message status (viral transmissions) | 0 | 0 | 0 | 5 |
| Device is currently on an approved recharging base | 0 | 0 | 0 | 15 |
| Error codes | 0 | 0 | 0 | 25 |
| Battery strength | 0 | 0 | 0 | 5 |
| POE active/inactive | 0 | 0 | 0 | 5 |
| Ping history | 0 | 0 | 0 | 50 |
| Space heater or fire temp has occurred | 0 | 0 | 0 | 5 |
| Personal asset tags | 0 | 0 | 0 | 100 |
| Asset tags 1 | 0 | 0 | 0 | 200 |
| Asset tags 2 | 0 | 0 | 0 | 200 |
| Asset tags 3 | 0 | 0 | 0 | 200 |
| Box moving asset tags | 0 | 0 | 0 | 200 |
| Additional sensor attached to data packet generator | 0 | 0 | 0 | 50 |
| Data from additional sensor attached to data packet generator | 0 | 0 | 0 | 200 |
| Wireless triangulation information | 0 | 0 | 0 | 200 |
| GPS information | 0 | 0 | 0 | 25 |
| Other RFID information (such as a badge) | 0 | 0 | 0 | 50 |
| Second battery status | 0 | 0 | 0 | 5 |
| Time remaining until memory erased | 0 | 0 | 0 | 10 |
| Mesh network on/off status | 0 | 0 | 0 | 5 |
| Time of last independent login to the server | 0 | 0 | 0 | 10 |
| Time remaining until next scheduled independent login | 0 | 0 | 0 | 10 |
| Time remaining until firmware update will be implemented | 0 | 0 | 0 | 10 |
| OS of most recent occupant | 0 | 0 | 0 | 10 |
| Neighbors serial numbers at range 1 from 24 hours ago | 0 | 0 | 0 | 50 |
| Neighbors serial numbers at range 2 from 24 hours ago | 0 | 0 | 0 | 250 |
| Neighbors serial numbers at range 3 from 24 hours ago | 0 | 0 | 0 | 1000 |
| Neighbors serial numbers at range 1 from one week ago | 0 | 0 | 0 | 50 |
| Neighbors serial numbers at range 2 from one week ago | 0 | 0 | 0 | 250 |
| Neighbors serial numbers at range 3 from one week ago | 0 | 0 | 0 | 1000 |
| Accelerometer status (angle of device) | 0 | 0 | 0 | 10 |
| Distance to the floor | 0 | 0 | 0 | 5 |
| Device identifier (e.g., devices other than data packet generators) (asset in use) | 0 | 0 | 0 | 50 |
| Alert override approval code | 0 | 0 | 0 | 50 |
| Model number of neighbors in range 1 | 0 | 0 | 0 | 100 |
| Device experienced massive shock | 0 | 0 | 0 | 5 |
| Device experienced water | 0 | 0 | 0 | 5 |
| Device experienced wireless interference (microwave) | 0 | 0 | 0 | 5 |
| Log file of what has happened to the device | 0 | 0 | 0 | 1000 |
| Other(s) | 0 | 0 | 0 | 1000 |
| TOTAL DATA PACKET SIZE | 23 | 23 | 43 | 8061 |

In some embodiments, data packet 5200 and/or data 5202 are encoded and/or encrypted. For example, in some embodiments data packet 5200 and/or data 5202 include tags, such as extensible markup language (XML) or hypertext markup language (HTML) tags, to encode data 5202. Encryption and/or compression algorithms are used to package the data 5202 in some embodiments for more efficient or secure transmission of data packet 5200. An XML schema is used in some embodiments.

FIG. 54 is a schematic block diagram illustrating an architecture of an example computing device 120. In this example, computing device 120 is a computing device, such as a personal computer. In some embodiments, computing device 120 is used to execute the operating system 5418, application programs 5420, program modules 5422, and manipulate the program data 5424 described herein. The example computing device described in FIG. 54 is also an example of a suitable computing device 130 or server 108, or any other computing device disclosed herein. Further, in some embodiments the code generators and data packet generators described herein are implemented by such a computing device.

Computing device 120 includes, in some embodiments, at least one processing device 5402. A variety of processing devices are available from a variety of manufacturers, for example, Intel or Advanced Micro Devices. In this example, computing device 120 also includes system memory 5404, and system bus 5406 that couples various system components including system memory 5404 to processing device 5402. System bus 5406 is one of any number of types of bus structures including a memory bus, or memory controller; a peripheral bus; and a local bus using any of a variety of bus architectures.

System memory 5404 includes read-only memory 5408 and random accessmemory 5410. Basic input/output system 5412, containing the basicroutines that act to transfer information within computing device 120,such as during start up, is typically stored in read-only memory 5408.

Computing device 120 also includes secondary storage device 5414 in someembodiments, such as a hard disk drive, for storing digital data.Secondary storage device 5414 is connected to system bus 5406 bysecondary storage interface 5416. Secondary storage devices 5414 andtheir associated computer readable media provide nonvolatile storage ofcomputer readable instructions (including application programs andprogram modules), data structures, and other data for computing device120.

Although the exemplary architecture described herein employs a hard diskdrive as a secondary storage device, other types of computer readablemedia are used in other embodiments. Examples of these other types ofcomputer readable media include magnetic cassettes, flash memory cards,digital video disks, Bernoulli cartridges, compact disc read onlymemories, digital versatile disk read only memories, random accessmemories, or read only memories.

A number of program modules can be stored in secondary storage device5414 or system memory 5404, including operating system 5418, one or moreapplication programs 5420, other program modules 5422, and program data5424. Server communication module 900, authorization module 902, anddata packet generator communication module 904 (shown in FIG. 9 ) areexamples of program modules 5422.

In some embodiments, a user provides inputs to the computing device 120 through one or more input devices 5430. Examples of input devices 5430 include keyboard 5432, mouse 5434, and touchpad 5436 (or touch sensitive display). Other embodiments include other input devices 5430, such as a barcode reader, RFID reader, magnetic card reader, USB port, microphone, or other input device. Input devices 5430 are often connected to the processing device 5402 through input/output interface 5440 that is coupled to system bus 5406. These input devices 5430 can be connected by any number of input/output interfaces, such as a parallel port, a serial port, a game port, or a universal serial bus. Wireless communication between input devices and interface 5440 is possible as well, and includes infrared, BLUETOOTH® wireless technology, 802.11a/b/g/n (or other wireless communication protocols), cellular, or other radio frequency communication systems in some possible embodiments.

In this example embodiment, a display device 5442, such as a monitor, liquid crystal display device, projector, or touch screen display device, is also connected to system bus 5406 via an interface, such as video adapter 5444. In addition to display device 5442, the computing device 120 can include various other peripheral devices (not shown), such as speakers or a printer.

When used in a local area networking environment or a wide area networking environment (such as the Internet), computing device 120 is typically connected to network 106 through a network interface or adapter 5450. An example of a network interface is an Ethernet interface. Other possible embodiments use other communication devices. For example, some embodiments of computing device 120 include a modem for communicating across network 106.

Computing device 120 typically includes at least some form of computer-readable media. Computer readable media include any available media that can be accessed by computing device 120. By way of example, computer-readable media include computer readable storage media and communication media.

Computer readable storage media includes volatile and nonvolatile, removable and non-removable media implemented in any device configured to store information, such as computer readable instructions, data structures, operating systems 5418, application programs 5420, program modules 5422, program data 5424, or other data. System memory 5404 is an example of computer readable storage media. Computer storage media includes, but is not limited to, read-only memory 5408, random access memory 5410, electrically erasable programmable read only memory, flash memory or other memory technology, compact disc read only memory, digital versatile disks or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and that can be accessed by computing device 120.

Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. The term “modulated data signal” refers to a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, radio frequency, infrared, and other wireless media. Combinations of any of the above are also included within the scope of computer readable media.

In some embodiments, computing device 120 remotely accesses software running on a server, such as server 108, such as utilizing virtualization technology or remote access software for delivering applications over network 106. For example, Citrix Systems, located in Fort Lauderdale, Fla., US distributes software suitable for delivering applications over network 106.

Some embodiments according to the present disclosure are or include one or more of the following.

A code generating device comprising: a housing; a processing device within the housing that generates a passcode; memory that stores the passcode generated by the processing device; an output device that outputs the passcode; and an attachment device rigidly attachable to the housing to connect the housing to a structure.

A code generating device wherein the output device is selected from the group comprising a display, a speaker, a digital communication device, and a wireless communication device.

A code generating device, wherein the passcode comprises alphanumeric characters.

A code generating device, wherein the alphanumeric characters do not include any of the following characters: I, O, Q, 1, and 0.

A code generating device, wherein the alphanumeric characters are selected only from the group consisting of: A, B, C, D, E, F, G, H, J, K, L, M, N, P, R, S, T, U, V, W, X, Y, Z, 2, 3, 4, 5, 6, 7, 8, and 9.

A code generating device, wherein the alphanumeric characters are numbers.

A code generating device comprising: a processing device that generates a passcode comprised of a plurality of characters selected from the group consisting of A, B, C, D, E, F, G, H, J, K, L, M, N, P, R, S, T, U, V, W, X, Y, Z, 2, 3, 4, 5, 6, 7, 8, and 9; memory that stores the passcode generated by the processing device; and an output device that outputs the passcode.

An authentication system comprising: a code generating device operable to generate a passcode, a computing device operable to prompt a user to enter the passcode, to receive the passcode from the user, and to communicate the passcode across a network; and a server device operable to receive the passcode from the computing device across the network, wherein the server device is operable to verify that the passcode is a valid passcode and to identify the passcode as being associated with the code generating device.

An authentication system, wherein the code generating device includes an attachment device, the attachment device being attachable to a structure.

An authentication system, wherein the server device stores a location of the code generating device, such that the location of the code generating device is determinable by the server when the server identifies the passcode as being associated with the code generating device.

An authentication method comprising: receiving a first passcode; determining that the first passcode is not unique; requesting a second passcode; receiving the second passcode; determining that the second passcode is unique; and retrieving information associated with at least the second passcode.

An authentication method wherein the information identifies a location.

An authentication method, wherein the information identifies an object.

A method of authenticating, the method comprising: receiving an input value from a surface of an object; determining a time; computing a passcode using the input value and the time; and outputting the passcode for authentication.

A system as shown in any one of the drawings or as described in the detailed description herein.

A method as shown in any one of the drawings or as described in the detailed description herein.

A code generating device comprising: a housing including a first housing member and a second housing member, the first housing member being pivotally coupled to the second housing member, the second housing member including a recessed region, wherein the code generator is positionable in a first position in which the first housing member is received within the recessed region, and a second position in which the first housing member extends out from the recessed region; a processing device within the housing that generates a passcode; memory that stores the passcode generated by the processing device; an output device that outputs the passcode; and an attachment device rigidly attachable to the housing to connect the housing to a structure.

A code generating device, wherein the output device comprises a display.

A code generating device, wherein the output device comprises a wireless communication device.

A code generating device, wherein the wireless communication device is operable in a short range communication mode and a longer range communication mode.

A code generating device, wherein the short range communication mode is operable to automatically communicate a passcode to a computing device without user intervention.

A code generating device, wherein the communication communicates a message including the passcode and further including alert data.

A code generating device, wherein the longer range communication mode is operable to automatically communicate with a nearby code generator.

A code generating device, wherein the display displays a manual alert passcode.

A code generating device, further comprising a tamper sensor.

A code generating device, wherein the tamper sensor comprises a fastener detector that operates to detect the presence or absence of a fastener in a fastener hole.

A code generating device, wherein the display generates a space utilization intensity map.

A code generating device, wherein the processor is programmed to operate in a normal mode and in an alert mode.

A code generating device, wherein when operating in the alert mode, the code generating device displays a passcode on a display, the passcode including an alert code.

A code generating device, wherein when operating in the alert mode, the code generating device transmits an alert message including a passcode and alert data.

An authentication system comprising: a server; a conference room control system that manages conference room resources; a code generator located in a conference room; and a telephone located in the conference room, wherein a passcode generated by the code generator is entered into the telephone, which in turn communicates the passcode to the conference room, and wherein the server grants or denies access to conference room resources based upon the passcode.

A passcode generator with means for integrating with physical and/or virtual objects or data. An example of a virtual object is currency in an electronic form. Any other physical object can also be a virtual object in some embodiments.

A method of observing scheduled passcode changes (including in some embodiments SSD name changes) at a moment in time as an authentication method.

A method of observing changes at a moment in time, wherein the moment in time is a period of time in a range from 1 millisecond to about ten minutes. In some embodiments the period of time is less than ten minutes. In another embodiment, the period of time is less than 1 millisecond, 10 milliseconds, 100 milliseconds, 1 second, 10 seconds, 30 seconds, 60 seconds, 5 minutes, 15 minutes, 1 hour, or 24 hours.

A method of correctly identifying a single passcode generator from among many passcode generators while in a duplicating passcode environment. An example is shown in FIG. 13.

A method of using a passcode generator, synchronized server, and CAD drawing to perform GIS functions.

A method of communicating authenticated, real-time information over an IT network without joining that same network.

A method of authenticating a real-time event.

A method of integrating IT, HR, and CRE functions within an organization.

A method of automating a CAFM program.

A passcode generator including mesh networking capabilities.

A method of communicating a data packet including data, such as any of the data shown in Table 2.

A method of acquiring a username at or after login.

A data packet generator that is not worn or carried by a person/human being/animal.

A data packet generator incorporating data from other sources, such as a utilities ledger, human resources database, CAFM database, neighboring device.

A method of merging a first data packet with another data packet.

A method of merging with a computing device a data packet received from an SSID with a full data packet received from a wireless or wired communication.

A method of sending a merged data packet to a server, and receiving the merged data packet at the server.

A method of generating a real-time, compiled, and/or predictive data display based on information received from one or more data packets from one or more data packet generators.

A method of communicating a data packet from a data packet generator directly to a server across a communication network.

A method of revealing space utilization within a building and/or enabling ongoing commercial real estate optimization.

A method of automatically adjusting a building control (such as a heating or cooling system, an elevator, a light, etc.) based on data received from one or more data packets of one or more data packet generators.

A method of limiting access to resources with a computing system.

A biomimicry of a strand of DNA comprising at least one passcode.

A method of controlling a fleet of vehicles.

A method of integrating the operation of a data packet generator with one or more of currency, audio or video data files (e.g., mp3), credit cards, avatars, or other objects discussed herein whether physical or virtual.

A method of charging back departments based on actual space utilization.

A method of performing any one of the applications described herein or generating any one of the dashboards or user interfaces described herein.

A method of identifying a latitude and a longitude within a building.

A method of enabling location based applications to function without requiring triangulation, GPS data, or RFID data.

A method of acquiring an input from an external source such as a conductive material or light rays, such as by encoding a data packet in the conductive material or light rays. Other electromagnetic signals are used in other embodiments.

A method of tracking objects throughout a facility or plurality of facilities.

A method of guiding a first responder and/or providing interactive wayfinding.

A method of improving environmental sustainability.

A method of improving predictions and/or recognizing the location of reconfigurations.

A method of locating a computing device in a facility.

A method of integrating with facility management functions.

A method of detecting tampering.

A method of tying into demographic information, insurance claims, synergy, performance, job satisfaction, and other human resource measures or metrics.

A method of preventing access to a resource based on missing or incorrect information.

A smartphone application as described herein.

A system including a jumpnode server, wherein the jumpnode server communicates data outside of a network but prevents unauthorized communication into the network.

A method of locating a voice-over-IP telephone in real-time.

A computing device that receives a software push as a prerequisite to accessing a wireless network.

A system or method that conforms with the requirements of a data exchange standards system, such as the open standards for commercial real estate (OSCRE).

A data packet generator that is ruggedized to endure office/cubicle reconfigurations and smooth to accommodate office/cubicle users.

A data packet generator incorporated into a cubicle or office component.

A method of generating a data feed display that is configured for viewing by a CEO, CFO, CIO, occupancy planner, HR executive, facilities manager, IT manager, space planner, department manager, IT security manager, IT technician, disaster response coordinator, mail center professional, facility manager, physical security personnel, call center professional, department move liaison, furniture installer, box mover, work space end user, or common area user.

A data packet generator integrated with a convenience or hoteling hub, such as including easily accessible outlets, ports, jacks, pencil holders, etc.
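
The authentication method listed above (a first passcode that is not unique, then a second passcode that is) can be sketched as follows on the 31-character alphabet the disclosure lists. This is an added example, not code from the patent: the HMAC-SHA-256 derivation, the 30-second period, the two-character length (chosen so the constructed fleet collides) and all function and device names are assumptions.

```python
import hashlib
import hmac

# Alphabet listed in the disclosure: letters and digits without I, O, Q, 1, 0.
ALPHABET = "ABCDEFGHJKLMNPRSTUVWXYZ23456789"
STEP = 30    # seconds per passcode period (assumption)
LENGTH = 2   # deliberately short so the constructed fleet collides


def passcode(secret: bytes, timestamp: int, length: int = LENGTH) -> str:
    """Passcode for the period containing `timestamp` (HMAC use is an assumption)."""
    counter = (timestamp // STEP).to_bytes(8, "big")
    digest = hmac.new(secret, counter, hashlib.sha256).digest()
    value = int.from_bytes(digest, "big")
    chars = []
    for _ in range(length):
        # 256-bit value reduced base 31: modulo bias is negligible for short codes.
        value, index = divmod(value, len(ALPHABET))
        chars.append(ALPHABET[index])
    return "".join(chars)


def resolve(secrets: dict, observations: list) -> tuple:
    """Server side: narrow successive (code, timestamp) pairs to one generator."""
    remaining = set(secrets)  # secrets maps serial number -> per-device secret
    for code, timestamp in observations:
        # Reject anything outside the alphabet before comparing.
        if len(code) != LENGTH or set(code) - set(ALPHABET):
            return ("invalid", [])
        remaining = {
            serial for serial in remaining
            if hmac.compare_digest(passcode(secrets[serial], timestamp), code)
        }
        if not remaining:
            return ("invalid", [])
    status = "unique" if len(remaining) == 1 else "ambiguous"
    return (status, sorted(remaining))  # "ambiguous": request another passcode


def build_fleet(count: int = 40) -> dict:
    """Constructed sample secrets; real devices would hold provisioned keys."""
    return {f"DPG-{i:03d}": hashlib.sha256(f"constructed-{i}".encode()).digest()
            for i in range(count)}


def first_collision(secrets: dict, start: int) -> tuple:
    """First period at or after `start` in which two devices show the same code."""
    timestamp = start
    while True:
        seen = {}
        for serial, secret in sorted(secrets.items()):
            code = passcode(secret, timestamp)
            if code in seen:
                return timestamp, seen[code], code
            seen[code] = serial
        timestamp += STEP


def demo() -> tuple:
    secrets = build_fleet()
    timestamp, serial, code = first_collision(secrets, 1_700_000_000)
    observations = [(code, timestamp)]
    first = result = resolve(secrets, observations)
    while result[0] == "ambiguous":  # ask the same device for its next passcode
        timestamp += STEP
        observations.append((passcode(secrets[serial], timestamp), timestamp))
        result = resolve(secrets, observations)
    return serial, first, result, len(observations)


if __name__ == "__main__":
    print(demo())
```

With the five-to-ten-character lengths recited in the claims, collisions become far rarer, but the same narrowing step still applies whenever one occurs.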

The present disclosure describes various systems and processes with reference to particular examples and exemplary embodiments. The particular features, configurations, and methods described with reference to a particular embodiment are also useful when combined with part or all of another embodiment to form yet additional embodiments. Such additional embodiments will be readily apparent to a person of skill in the art. As a result, the following description should be read as a whole with the understanding that many alternative combinations of features, configurations, and methods are intended to be within the scope of the present disclosure.

The various embodiments described above are provided by way of illustration only and should not be construed to limit the claims attached hereto. Those skilled in the art will readily recognize various modifications and changes that may be made without following the example embodiments and applications illustrated and described herein, and without departing from the true spirit and scope of the following claims.

What is claimed is:
1. A data packet generator comprising: a processing device; memory storing data instructions, which when executed by the processor cause the processor to periodically generate a passcode, the passcode including a plurality of characters; an output device that outputs a data packet including a passcode; and an attachment device configured for semi-permanent attachment to an object.
2. The data packet generator of claim 1, wherein the output device is a display device.
3. The data packet generator of claim 1, wherein the output device is a digital data communication device selected from a wired communication device and a wireless communication device.
4. The data packet generator of claim 3, wherein the data packet further includes data selected from a serial number, a second passcode, a temperature, a humidity, a username, a distance-to-floor, a GPS coordinate, data received from a neighboring data packet generator, and a tamper code.
5. The data packet generator of claim 3, wherein the output device is a wireless communication device configured to transmit the data packet in a service set identifier.
6. The data packet generator of claim 1, wherein the plurality of characters is in a range from five to ten characters.
7. The data packet generator of claim 1, wherein the attachment device includes one or more of a screw, a bolt, a nail, and adhesive.
8. The data packet generator of claim 1, wherein the attachment device is configured for attachment to a worksurface and is configured to be removed from the worksurface with a non-standard tool.
9. The data packet generator of claim 1, further comprising a housing.
10. The data packet generator of claim 9, further comprising at least one permanently connected network communication cable.
11. The data packet generator of claim 10, wherein the processor and memory are contained within an outer enclosure that also encloses at least part of the at least one permanently connected network communication cable to substantially integrate the data packet generator into the network communication cable.
12. The data packet generator of claim 10, wherein the housing includes a cable storage region for storing the network communication cables.
13. The data packet generator of claim 12, further comprising a battery and electrical contacts, wherein the electrical contacts are configured to receive power from a charging station to recharge the battery of the data packet generator.
14. The data packet generator of claim 1, further comprising one or more of a network cable jack, a power receptacle, a USB port, a clock, and a pencil holder.
15. The data packet generator of claim 1, wherein the processor periodically generates the passcode according to a passcode generation algorithm or by retrieving the passcode from a lookup table.
16. The data packet generator of claim 1, wherein the object is a virtual object or is configured to become a virtual environment.
17. A method of determining a location, the method comprising: receiving at a computing device a data packet from a data packet generator, the data packet including at least one passcode; determining with the computing device a location associated with the passcode; and identifying with the computing device the location in a computer-aided design drawing.
18. The method of claim 17, wherein determining with the computing device a location comprises: identifying the data packet generator that generated the passcode; and retrieving from a memory device an indication of the location of the identified data packet generator as the location associated with the passcode.
19. The method of claim 18, further comprising: verifying the location of the identified data packet generator based on a plurality of data packets received from a mesh network of a plurality of data packet generators including the data packet generator.
20. The method of claim 17, wherein the data packet further comprises a username.